1/*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * a) Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * b) Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the distribution. 15 * 16 * c) Neither the name of Cisco Systems, Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#ifdef __FreeBSD__ 34#include <sys/cdefs.h> 35__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 271230 2014-09-07 18:05:37Z tuexen $"); 36#endif 37 38#include <netinet/sctp_os.h> 39#ifdef __FreeBSD__ 40#include <sys/proc.h> 41#endif 42#include <netinet/sctp_var.h> 43#include <netinet/sctp_sysctl.h> 44#include <netinet/sctp_header.h> 45#include <netinet/sctp_pcb.h> 46#include <netinet/sctputil.h> 47#include <netinet/sctp_output.h> 48#include <netinet/sctp_uio.h> 49#include <netinet/sctputil.h> 50#include <netinet/sctp_auth.h> 51#include <netinet/sctp_timer.h> 52#include <netinet/sctp_asconf.h> 53#include <netinet/sctp_indata.h> 54#include <netinet/sctp_bsd_addr.h> 55#include <netinet/sctp_input.h> 56#include <netinet/sctp_crc32.h> 57#if defined(__Userspace_os_Linux) 58#define __FAVOR_BSD /* (on Ubuntu at least) enables UDP header field names like BSD in RFC 768 */ 59#endif 60#if defined(INET) || defined(INET6) 61#if !defined(__Userspace_os_Windows) 62#include <netinet/udp.h> 63#endif 64#endif 65#if defined(__APPLE__) 66#include <netinet/in.h> 67#endif 68#if defined(__FreeBSD__) 69#if defined(__FreeBSD__) && __FreeBSD_version >= 800000 70#include <netinet/udp_var.h> 71#endif 72#include <machine/in_cksum.h> 73#endif 74#if defined(__Userspace__) && defined(INET6) 75#include <netinet6/sctp6_var.h> 76#endif 77 78#if defined(__APPLE__) 79#define APPLE_FILE_NO 3 80#endif 81 82#if defined(__APPLE__) 83#if !(defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)) 84#define SCTP_MAX_LINKHDR 16 85#endif 86#endif 87 88#define SCTP_MAX_GAPS_INARRAY 4 89struct sack_track { 90 uint8_t right_edge; /* mergable on the right edge */ 91 uint8_t left_edge; /* mergable on the left edge */ 92 uint8_t num_entries; 93 uint8_t spare; 94 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY]; 95}; 96 97struct sack_track sack_array[256] = { 98 {0, 0, 0, 0, /* 0x00 */ 99 {{0, 0}, 100 {0, 0}, 101 {0, 0}, 102 {0, 0} 103 } 104 }, 105 {1, 0, 1, 0, /* 0x01 */ 106 {{0, 0}, 107 {0, 0}, 108 {0, 0}, 109 {0, 0} 110 } 111 }, 112 {0, 0, 1, 0, /* 0x02 */ 113 {{1, 1}, 114 {0, 0}, 115 {0, 0}, 116 {0, 0} 117 } 118 }, 119 {1, 0, 1, 0, /* 0x03 */ 120 {{0, 1}, 121 {0, 0}, 122 {0, 0}, 123 {0, 0} 124 } 125 }, 126 {0, 0, 1, 0, /* 0x04 */ 127 {{2, 2}, 128 {0, 0}, 129 {0, 0}, 130 {0, 0} 131 } 132 }, 133 {1, 0, 2, 0, /* 0x05 */ 134 {{0, 0}, 135 {2, 2}, 136 {0, 0}, 137 {0, 0} 138 } 139 }, 140 {0, 0, 1, 0, /* 0x06 */ 141 {{1, 2}, 142 {0, 0}, 143 {0, 0}, 144 {0, 0} 145 } 146 }, 147 {1, 0, 1, 0, /* 0x07 */ 148 {{0, 2}, 149 {0, 0}, 150 {0, 0}, 151 {0, 0} 152 } 153 }, 154 {0, 0, 1, 0, /* 0x08 */ 155 {{3, 3}, 156 {0, 0}, 157 {0, 0}, 158 {0, 0} 159 } 160 }, 161 {1, 0, 2, 0, /* 0x09 */ 162 {{0, 0}, 163 {3, 3}, 164 {0, 0}, 165 {0, 0} 166 } 167 }, 168 {0, 0, 2, 0, /* 0x0a */ 169 {{1, 1}, 170 {3, 3}, 171 {0, 0}, 172 {0, 0} 173 } 174 }, 175 {1, 0, 2, 0, /* 0x0b */ 176 {{0, 1}, 177 {3, 3}, 178 {0, 0}, 179 {0, 0} 180 } 181 }, 182 {0, 0, 1, 0, /* 0x0c */ 183 {{2, 3}, 184 {0, 0}, 185 {0, 0}, 186 {0, 0} 187 } 188 }, 189 {1, 0, 2, 0, /* 0x0d */ 190 {{0, 0}, 191 {2, 3}, 192 {0, 0}, 193 {0, 0} 194 } 195 }, 196 {0, 0, 1, 0, /* 0x0e */ 197 {{1, 3}, 198 {0, 0}, 199 {0, 0}, 200 {0, 0} 201 } 202 }, 203 {1, 0, 1, 0, /* 0x0f */ 204 {{0, 3}, 205 {0, 0}, 206 {0, 0}, 207 {0, 0} 208 } 209 }, 210 {0, 0, 1, 0, /* 0x10 */ 211 {{4, 4}, 212 {0, 0}, 213 {0, 0}, 214 {0, 0} 215 } 216 }, 217 {1, 0, 2, 0, /* 0x11 */ 218 {{0, 0}, 219 {4, 4}, 220 {0, 0}, 221 {0, 0} 222 } 223 }, 224 {0, 0, 2, 0, /* 0x12 */ 225 {{1, 1}, 226 {4, 4}, 227 {0, 0}, 228 {0, 0} 229 } 230 }, 231 {1, 0, 2, 0, /* 0x13 */ 232 {{0, 1}, 233 {4, 4}, 234 {0, 0}, 235 {0, 0} 236 } 237 }, 238 {0, 0, 2, 0, /* 0x14 */ 239 {{2, 2}, 240 {4, 4}, 241 {0, 0}, 242 {0, 0} 243 } 244 }, 245 {1, 0, 3, 0, /* 0x15 */ 246 {{0, 0}, 247 {2, 2}, 248 {4, 4}, 249 {0, 0} 250 } 251 }, 252 {0, 0, 2, 0, /* 0x16 */ 253 {{1, 2}, 254 {4, 4}, 255 {0, 0}, 256 {0, 0} 257 } 258 }, 259 {1, 0, 2, 0, /* 0x17 */ 260 {{0, 2}, 261 {4, 4}, 262 {0, 0}, 263 {0, 0} 264 } 265 }, 266 {0, 0, 1, 0, /* 0x18 */ 267 {{3, 4}, 268 {0, 0}, 269 {0, 0}, 270 {0, 0} 271 } 272 }, 273 {1, 0, 2, 0, /* 0x19 */ 274 {{0, 0}, 275 {3, 4}, 276 {0, 0}, 277 {0, 0} 278 } 279 }, 280 {0, 0, 2, 0, /* 0x1a */ 281 {{1, 1}, 282 {3, 4}, 283 {0, 0}, 284 {0, 0} 285 } 286 }, 287 {1, 0, 2, 0, /* 0x1b */ 288 {{0, 1}, 289 {3, 4}, 290 {0, 0}, 291 {0, 0} 292 } 293 }, 294 {0, 0, 1, 0, /* 0x1c */ 295 {{2, 4}, 296 {0, 0}, 297 {0, 0}, 298 {0, 0} 299 } 300 }, 301 {1, 0, 2, 0, /* 0x1d */ 302 {{0, 0}, 303 {2, 4}, 304 {0, 0}, 305 {0, 0} 306 } 307 }, 308 {0, 0, 1, 0, /* 0x1e */ 309 {{1, 4}, 310 {0, 0}, 311 {0, 0}, 312 {0, 0} 313 } 314 }, 315 {1, 0, 1, 0, /* 0x1f */ 316 {{0, 4}, 317 {0, 0}, 318 {0, 0}, 319 {0, 0} 320 } 321 }, 322 {0, 0, 1, 0, /* 0x20 */ 323 {{5, 5}, 324 {0, 0}, 325 {0, 0}, 326 {0, 0} 327 } 328 }, 329 {1, 0, 2, 0, /* 0x21 */ 330 {{0, 0}, 331 {5, 5}, 332 {0, 0}, 333 {0, 0} 334 } 335 }, 336 {0, 0, 2, 0, /* 0x22 */ 337 {{1, 1}, 338 {5, 5}, 339 {0, 0}, 340 {0, 0} 341 } 342 }, 343 {1, 0, 2, 0, /* 0x23 */ 344 {{0, 1}, 345 {5, 5}, 346 {0, 0}, 347 {0, 0} 348 } 349 }, 350 {0, 0, 2, 0, /* 0x24 */ 351 {{2, 2}, 352 {5, 5}, 353 {0, 0}, 354 {0, 0} 355 } 356 }, 357 {1, 0, 3, 0, /* 0x25 */ 358 {{0, 0}, 359 {2, 2}, 360 {5, 5}, 361 {0, 0} 362 } 363 }, 364 {0, 0, 2, 0, /* 0x26 */ 365 {{1, 2}, 366 {5, 5}, 367 {0, 0}, 368 {0, 0} 369 } 370 }, 371 {1, 0, 2, 0, /* 0x27 */ 372 {{0, 2}, 373 {5, 5}, 374 {0, 0}, 375 {0, 0} 376 } 377 }, 378 {0, 0, 2, 0, /* 0x28 */ 379 {{3, 3}, 380 {5, 5}, 381 {0, 0}, 382 {0, 0} 383 } 384 }, 385 {1, 0, 3, 0, /* 0x29 */ 386 {{0, 0}, 387 {3, 3}, 388 {5, 5}, 389 {0, 0} 390 } 391 }, 392 {0, 0, 3, 0, /* 0x2a */ 393 {{1, 1}, 394 {3, 3}, 395 {5, 5}, 396 {0, 0} 397 } 398 }, 399 {1, 0, 3, 0, /* 0x2b */ 400 {{0, 1}, 401 {3, 3}, 402 {5, 5}, 403 {0, 0} 404 } 405 }, 406 {0, 0, 2, 0, /* 0x2c */ 407 {{2, 3}, 408 {5, 5}, 409 {0, 0}, 410 {0, 0} 411 } 412 }, 413 {1, 0, 3, 0, /* 0x2d */ 414 {{0, 0}, 415 {2, 3}, 416 {5, 5}, 417 {0, 0} 418 } 419 }, 420 {0, 0, 2, 0, /* 0x2e */ 421 {{1, 3}, 422 {5, 5}, 423 {0, 0}, 424 {0, 0} 425 } 426 }, 427 {1, 0, 2, 0, /* 0x2f */ 428 {{0, 3}, 429 {5, 5}, 430 {0, 0}, 431 {0, 0} 432 } 433 }, 434 {0, 0, 1, 0, /* 0x30 */ 435 {{4, 5}, 436 {0, 0}, 437 {0, 0}, 438 {0, 0} 439 } 440 }, 441 {1, 0, 2, 0, /* 0x31 */ 442 {{0, 0}, 443 {4, 5}, 444 {0, 0}, 445 {0, 0} 446 } 447 }, 448 {0, 0, 2, 0, /* 0x32 */ 449 {{1, 1}, 450 {4, 5}, 451 {0, 0}, 452 {0, 0} 453 } 454 }, 455 {1, 0, 2, 0, /* 0x33 */ 456 {{0, 1}, 457 {4, 5}, 458 {0, 0}, 459 {0, 0} 460 } 461 }, 462 {0, 0, 2, 0, /* 0x34 */ 463 {{2, 2}, 464 {4, 5}, 465 {0, 0}, 466 {0, 0} 467 } 468 }, 469 {1, 0, 3, 0, /* 0x35 */ 470 {{0, 0}, 471 {2, 2}, 472 {4, 5}, 473 {0, 0} 474 } 475 }, 476 {0, 0, 2, 0, /* 0x36 */ 477 {{1, 2}, 478 {4, 5}, 479 {0, 0}, 480 {0, 0} 481 } 482 }, 483 {1, 0, 2, 0, /* 0x37 */ 484 {{0, 2}, 485 {4, 5}, 486 {0, 0}, 487 {0, 0} 488 } 489 }, 490 {0, 0, 1, 0, /* 0x38 */ 491 {{3, 5}, 492 {0, 0}, 493 {0, 0}, 494 {0, 0} 495 } 496 }, 497 {1, 0, 2, 0, /* 0x39 */ 498 {{0, 0}, 499 {3, 5}, 500 {0, 0}, 501 {0, 0} 502 } 503 }, 504 {0, 0, 2, 0, /* 0x3a */ 505 {{1, 1}, 506 {3, 5}, 507 {0, 0}, 508 {0, 0} 509 } 510 }, 511 {1, 0, 2, 0, /* 0x3b */ 512 {{0, 1}, 513 {3, 5}, 514 {0, 0}, 515 {0, 0} 516 } 517 }, 518 {0, 0, 1, 0, /* 0x3c */ 519 {{2, 5}, 520 {0, 0}, 521 {0, 0}, 522 {0, 0} 523 } 524 }, 525 {1, 0, 2, 0, /* 0x3d */ 526 {{0, 0}, 527 {2, 5}, 528 {0, 0}, 529 {0, 0} 530 } 531 }, 532 {0, 0, 1, 0, /* 0x3e */ 533 {{1, 5}, 534 {0, 0}, 535 {0, 0}, 536 {0, 0} 537 } 538 }, 539 {1, 0, 1, 0, /* 0x3f */ 540 {{0, 5}, 541 {0, 0}, 542 {0, 0}, 543 {0, 0} 544 } 545 }, 546 {0, 0, 1, 0, /* 0x40 */ 547 {{6, 6}, 548 {0, 0}, 549 {0, 0}, 550 {0, 0} 551 } 552 }, 553 {1, 0, 2, 0, /* 0x41 */ 554 {{0, 0}, 555 {6, 6}, 556 {0, 0}, 557 {0, 0} 558 } 559 }, 560 {0, 0, 2, 0, /* 0x42 */ 561 {{1, 1}, 562 {6, 6}, 563 {0, 0}, 564 {0, 0} 565 } 566 }, 567 {1, 0, 2, 0, /* 0x43 */ 568 {{0, 1}, 569 {6, 6}, 570 {0, 0}, 571 {0, 0} 572 } 573 }, 574 {0, 0, 2, 0, /* 0x44 */ 575 {{2, 2}, 576 {6, 6}, 577 {0, 0}, 578 {0, 0} 579 } 580 }, 581 {1, 0, 3, 0, /* 0x45 */ 582 {{0, 0}, 583 {2, 2}, 584 {6, 6}, 585 {0, 0} 586 } 587 }, 588 {0, 0, 2, 0, /* 0x46 */ 589 {{1, 2}, 590 {6, 6}, 591 {0, 0}, 592 {0, 0} 593 } 594 }, 595 {1, 0, 2, 0, /* 0x47 */ 596 {{0, 2}, 597 {6, 6}, 598 {0, 0}, 599 {0, 0} 600 } 601 }, 602 {0, 0, 2, 0, /* 0x48 */ 603 {{3, 3}, 604 {6, 6}, 605 {0, 0}, 606 {0, 0} 607 } 608 }, 609 {1, 0, 3, 0, /* 0x49 */ 610 {{0, 0}, 611 {3, 3}, 612 {6, 6}, 613 {0, 0} 614 } 615 }, 616 {0, 0, 3, 0, /* 0x4a */ 617 {{1, 1}, 618 {3, 3}, 619 {6, 6}, 620 {0, 0} 621 } 622 }, 623 {1, 0, 3, 0, /* 0x4b */ 624 {{0, 1}, 625 {3, 3}, 626 {6, 6}, 627 {0, 0} 628 } 629 }, 630 {0, 0, 2, 0, /* 0x4c */ 631 {{2, 3}, 632 {6, 6}, 633 {0, 0}, 634 {0, 0} 635 } 636 }, 637 {1, 0, 3, 0, /* 0x4d */ 638 {{0, 0}, 639 {2, 3}, 640 {6, 6}, 641 {0, 0} 642 } 643 }, 644 {0, 0, 2, 0, /* 0x4e */ 645 {{1, 3}, 646 {6, 6}, 647 {0, 0}, 648 {0, 0} 649 } 650 }, 651 {1, 0, 2, 0, /* 0x4f */ 652 {{0, 3}, 653 {6, 6}, 654 {0, 0}, 655 {0, 0} 656 } 657 }, 658 {0, 0, 2, 0, /* 0x50 */ 659 {{4, 4}, 660 {6, 6}, 661 {0, 0}, 662 {0, 0} 663 } 664 }, 665 {1, 0, 3, 0, /* 0x51 */ 666 {{0, 0}, 667 {4, 4}, 668 {6, 6}, 669 {0, 0} 670 } 671 }, 672 {0, 0, 3, 0, /* 0x52 */ 673 {{1, 1}, 674 {4, 4}, 675 {6, 6}, 676 {0, 0} 677 } 678 }, 679 {1, 0, 3, 0, /* 0x53 */ 680 {{0, 1}, 681 {4, 4}, 682 {6, 6}, 683 {0, 0} 684 } 685 }, 686 {0, 0, 3, 0, /* 0x54 */ 687 {{2, 2}, 688 {4, 4}, 689 {6, 6}, 690 {0, 0} 691 } 692 }, 693 {1, 0, 4, 0, /* 0x55 */ 694 {{0, 0}, 695 {2, 2}, 696 {4, 4}, 697 {6, 6} 698 } 699 }, 700 {0, 0, 3, 0, /* 0x56 */ 701 {{1, 2}, 702 {4, 4}, 703 {6, 6}, 704 {0, 0} 705 } 706 }, 707 {1, 0, 3, 0, /* 0x57 */ 708 {{0, 2}, 709 {4, 4}, 710 {6, 6}, 711 {0, 0} 712 } 713 }, 714 {0, 0, 2, 0, /* 0x58 */ 715 {{3, 4}, 716 {6, 6}, 717 {0, 0}, 718 {0, 0} 719 } 720 }, 721 {1, 0, 3, 0, /* 0x59 */ 722 {{0, 0}, 723 {3, 4}, 724 {6, 6}, 725 {0, 0} 726 } 727 }, 728 {0, 0, 3, 0, /* 0x5a */ 729 {{1, 1}, 730 {3, 4}, 731 {6, 6}, 732 {0, 0} 733 } 734 }, 735 {1, 0, 3, 0, /* 0x5b */ 736 {{0, 1}, 737 {3, 4}, 738 {6, 6}, 739 {0, 0} 740 } 741 }, 742 {0, 0, 2, 0, /* 0x5c */ 743 {{2, 4}, 744 {6, 6}, 745 {0, 0}, 746 {0, 0} 747 } 748 }, 749 {1, 0, 3, 0, /* 0x5d */ 750 {{0, 0}, 751 {2, 4}, 752 {6, 6}, 753 {0, 0} 754 } 755 }, 756 {0, 0, 2, 0, /* 0x5e */ 757 {{1, 4}, 758 {6, 6}, 759 {0, 0}, 760 {0, 0} 761 } 762 }, 763 {1, 0, 2, 0, /* 0x5f */ 764 {{0, 4}, 765 {6, 6}, 766 {0, 0}, 767 {0, 0} 768 } 769 }, 770 {0, 0, 1, 0, /* 0x60 */ 771 {{5, 6}, 772 {0, 0}, 773 {0, 0}, 774 {0, 0} 775 } 776 }, 777 {1, 0, 2, 0, /* 0x61 */ 778 {{0, 0}, 779 {5, 6}, 780 {0, 0}, 781 {0, 0} 782 } 783 }, 784 {0, 0, 2, 0, /* 0x62 */ 785 {{1, 1}, 786 {5, 6}, 787 {0, 0}, 788 {0, 0} 789 } 790 }, 791 {1, 0, 2, 0, /* 0x63 */ 792 {{0, 1}, 793 {5, 6}, 794 {0, 0}, 795 {0, 0} 796 } 797 }, 798 {0, 0, 2, 0, /* 0x64 */ 799 {{2, 2}, 800 {5, 6}, 801 {0, 0}, 802 {0, 0} 803 } 804 }, 805 {1, 0, 3, 0, /* 0x65 */ 806 {{0, 0}, 807 {2, 2}, 808 {5, 6}, 809 {0, 0} 810 } 811 }, 812 {0, 0, 2, 0, /* 0x66 */ 813 {{1, 2}, 814 {5, 6}, 815 {0, 0}, 816 {0, 0} 817 } 818 }, 819 {1, 0, 2, 0, /* 0x67 */ 820 {{0, 2}, 821 {5, 6}, 822 {0, 0}, 823 {0, 0} 824 } 825 }, 826 {0, 0, 2, 0, /* 0x68 */ 827 {{3, 3}, 828 {5, 6}, 829 {0, 0}, 830 {0, 0} 831 } 832 }, 833 {1, 0, 3, 0, /* 0x69 */ 834 {{0, 0}, 835 {3, 3}, 836 {5, 6}, 837 {0, 0} 838 } 839 }, 840 {0, 0, 3, 0, /* 0x6a */ 841 {{1, 1}, 842 {3, 3}, 843 {5, 6}, 844 {0, 0} 845 } 846 }, 847 {1, 0, 3, 0, /* 0x6b */ 848 {{0, 1}, 849 {3, 3}, 850 {5, 6}, 851 {0, 0} 852 } 853 }, 854 {0, 0, 2, 0, /* 0x6c */ 855 {{2, 3}, 856 {5, 6}, 857 {0, 0}, 858 {0, 0} 859 } 860 }, 861 {1, 0, 3, 0, /* 0x6d */ 862 {{0, 0}, 863 {2, 3}, 864 {5, 6}, 865 {0, 0} 866 } 867 }, 868 {0, 0, 2, 0, /* 0x6e */ 869 {{1, 3}, 870 {5, 6}, 871 {0, 0}, 872 {0, 0} 873 } 874 }, 875 {1, 0, 2, 0, /* 0x6f */ 876 {{0, 3}, 877 {5, 6}, 878 {0, 0}, 879 {0, 0} 880 } 881 }, 882 {0, 0, 1, 0, /* 0x70 */ 883 {{4, 6}, 884 {0, 0}, 885 {0, 0}, 886 {0, 0} 887 } 888 }, 889 {1, 0, 2, 0, /* 0x71 */ 890 {{0, 0}, 891 {4, 6}, 892 {0, 0}, 893 {0, 0} 894 } 895 }, 896 {0, 0, 2, 0, /* 0x72 */ 897 {{1, 1}, 898 {4, 6}, 899 {0, 0}, 900 {0, 0} 901 } 902 }, 903 {1, 0, 2, 0, /* 0x73 */ 904 {{0, 1}, 905 {4, 6}, 906 {0, 0}, 907 {0, 0} 908 } 909 }, 910 {0, 0, 2, 0, /* 0x74 */ 911 {{2, 2}, 912 {4, 6}, 913 {0, 0}, 914 {0, 0} 915 } 916 }, 917 {1, 0, 3, 0, /* 0x75 */ 918 {{0, 0}, 919 {2, 2}, 920 {4, 6}, 921 {0, 0} 922 } 923 }, 924 {0, 0, 2, 0, /* 0x76 */ 925 {{1, 2}, 926 {4, 6}, 927 {0, 0}, 928 {0, 0} 929 } 930 }, 931 {1, 0, 2, 0, /* 0x77 */ 932 {{0, 2}, 933 {4, 6}, 934 {0, 0}, 935 {0, 0} 936 } 937 }, 938 {0, 0, 1, 0, /* 0x78 */ 939 {{3, 6}, 940 {0, 0}, 941 {0, 0}, 942 {0, 0} 943 } 944 }, 945 {1, 0, 2, 0, /* 0x79 */ 946 {{0, 0}, 947 {3, 6}, 948 {0, 0}, 949 {0, 0} 950 } 951 }, 952 {0, 0, 2, 0, /* 0x7a */ 953 {{1, 1}, 954 {3, 6}, 955 {0, 0}, 956 {0, 0} 957 } 958 }, 959 {1, 0, 2, 0, /* 0x7b */ 960 {{0, 1}, 961 {3, 6}, 962 {0, 0}, 963 {0, 0} 964 } 965 }, 966 {0, 0, 1, 0, /* 0x7c */ 967 {{2, 6}, 968 {0, 0}, 969 {0, 0}, 970 {0, 0} 971 } 972 }, 973 {1, 0, 2, 0, /* 0x7d */ 974 {{0, 0}, 975 {2, 6}, 976 {0, 0}, 977 {0, 0} 978 } 979 }, 980 {0, 0, 1, 0, /* 0x7e */ 981 {{1, 6}, 982 {0, 0}, 983 {0, 0}, 984 {0, 0} 985 } 986 }, 987 {1, 0, 1, 0, /* 0x7f */ 988 {{0, 6}, 989 {0, 0}, 990 {0, 0}, 991 {0, 0} 992 } 993 }, 994 {0, 1, 1, 0, /* 0x80 */ 995 {{7, 7}, 996 {0, 0}, 997 {0, 0}, 998 {0, 0} 999 } 1000 }, 1001 {1, 1, 2, 0, /* 0x81 */ 1002 {{0, 0}, 1003 {7, 7}, 1004 {0, 0}, 1005 {0, 0} 1006 } 1007 }, 1008 {0, 1, 2, 0, /* 0x82 */ 1009 {{1, 1}, 1010 {7, 7}, 1011 {0, 0}, 1012 {0, 0} 1013 } 1014 }, 1015 {1, 1, 2, 0, /* 0x83 */ 1016 {{0, 1}, 1017 {7, 7}, 1018 {0, 0}, 1019 {0, 0} 1020 } 1021 }, 1022 {0, 1, 2, 0, /* 0x84 */ 1023 {{2, 2}, 1024 {7, 7}, 1025 {0, 0}, 1026 {0, 0} 1027 } 1028 }, 1029 {1, 1, 3, 0, /* 0x85 */ 1030 {{0, 0}, 1031 {2, 2}, 1032 {7, 7}, 1033 {0, 0} 1034 } 1035 }, 1036 {0, 1, 2, 0, /* 0x86 */ 1037 {{1, 2}, 1038 {7, 7}, 1039 {0, 0}, 1040 {0, 0} 1041 } 1042 }, 1043 {1, 1, 2, 0, /* 0x87 */ 1044 {{0, 2}, 1045 {7, 7}, 1046 {0, 0}, 1047 {0, 0} 1048 } 1049 }, 1050 {0, 1, 2, 0, /* 0x88 */ 1051 {{3, 3}, 1052 {7, 7}, 1053 {0, 0}, 1054 {0, 0} 1055 } 1056 }, 1057 {1, 1, 3, 0, /* 0x89 */ 1058 {{0, 0}, 1059 {3, 3}, 1060 {7, 7}, 1061 {0, 0} 1062 } 1063 }, 1064 {0, 1, 3, 0, /* 0x8a */ 1065 {{1, 1}, 1066 {3, 3}, 1067 {7, 7}, 1068 {0, 0} 1069 } 1070 }, 1071 {1, 1, 3, 0, /* 0x8b */ 1072 {{0, 1}, 1073 {3, 3}, 1074 {7, 7}, 1075 {0, 0} 1076 } 1077 }, 1078 {0, 1, 2, 0, /* 0x8c */ 1079 {{2, 3}, 1080 {7, 7}, 1081 {0, 0}, 1082 {0, 0} 1083 } 1084 }, 1085 {1, 1, 3, 0, /* 0x8d */ 1086 {{0, 0}, 1087 {2, 3}, 1088 {7, 7}, 1089 {0, 0} 1090 } 1091 }, 1092 {0, 1, 2, 0, /* 0x8e */ 1093 {{1, 3}, 1094 {7, 7}, 1095 {0, 0}, 1096 {0, 0} 1097 } 1098 }, 1099 {1, 1, 2, 0, /* 0x8f */ 1100 {{0, 3}, 1101 {7, 7}, 1102 {0, 0}, 1103 {0, 0} 1104 } 1105 }, 1106 {0, 1, 2, 0, /* 0x90 */ 1107 {{4, 4}, 1108 {7, 7}, 1109 {0, 0}, 1110 {0, 0} 1111 } 1112 }, 1113 {1, 1, 3, 0, /* 0x91 */ 1114 {{0, 0}, 1115 {4, 4}, 1116 {7, 7}, 1117 {0, 0} 1118 } 1119 }, 1120 {0, 1, 3, 0, /* 0x92 */ 1121 {{1, 1}, 1122 {4, 4}, 1123 {7, 7}, 1124 {0, 0} 1125 } 1126 }, 1127 {1, 1, 3, 0, /* 0x93 */ 1128 {{0, 1}, 1129 {4, 4}, 1130 {7, 7}, 1131 {0, 0} 1132 } 1133 }, 1134 {0, 1, 3, 0, /* 0x94 */ 1135 {{2, 2}, 1136 {4, 4}, 1137 {7, 7}, 1138 {0, 0} 1139 } 1140 }, 1141 {1, 1, 4, 0, /* 0x95 */ 1142 {{0, 0}, 1143 {2, 2}, 1144 {4, 4}, 1145 {7, 7} 1146 } 1147 }, 1148 {0, 1, 3, 0, /* 0x96 */ 1149 {{1, 2}, 1150 {4, 4}, 1151 {7, 7}, 1152 {0, 0} 1153 } 1154 }, 1155 {1, 1, 3, 0, /* 0x97 */ 1156 {{0, 2}, 1157 {4, 4}, 1158 {7, 7}, 1159 {0, 0} 1160 } 1161 }, 1162 {0, 1, 2, 0, /* 0x98 */ 1163 {{3, 4}, 1164 {7, 7}, 1165 {0, 0}, 1166 {0, 0} 1167 } 1168 }, 1169 {1, 1, 3, 0, /* 0x99 */ 1170 {{0, 0}, 1171 {3, 4}, 1172 {7, 7}, 1173 {0, 0} 1174 } 1175 }, 1176 {0, 1, 3, 0, /* 0x9a */ 1177 {{1, 1}, 1178 {3, 4}, 1179 {7, 7}, 1180 {0, 0} 1181 } 1182 }, 1183 {1, 1, 3, 0, /* 0x9b */ 1184 {{0, 1}, 1185 {3, 4}, 1186 {7, 7}, 1187 {0, 0} 1188 } 1189 }, 1190 {0, 1, 2, 0, /* 0x9c */ 1191 {{2, 4}, 1192 {7, 7}, 1193 {0, 0}, 1194 {0, 0} 1195 } 1196 }, 1197 {1, 1, 3, 0, /* 0x9d */ 1198 {{0, 0}, 1199 {2, 4}, 1200 {7, 7}, 1201 {0, 0} 1202 } 1203 }, 1204 {0, 1, 2, 0, /* 0x9e */ 1205 {{1, 4}, 1206 {7, 7}, 1207 {0, 0}, 1208 {0, 0} 1209 } 1210 }, 1211 {1, 1, 2, 0, /* 0x9f */ 1212 {{0, 4}, 1213 {7, 7}, 1214 {0, 0}, 1215 {0, 0} 1216 } 1217 }, 1218 {0, 1, 2, 0, /* 0xa0 */ 1219 {{5, 5}, 1220 {7, 7}, 1221 {0, 0}, 1222 {0, 0} 1223 } 1224 }, 1225 {1, 1, 3, 0, /* 0xa1 */ 1226 {{0, 0}, 1227 {5, 5}, 1228 {7, 7}, 1229 {0, 0} 1230 } 1231 }, 1232 {0, 1, 3, 0, /* 0xa2 */ 1233 {{1, 1}, 1234 {5, 5}, 1235 {7, 7}, 1236 {0, 0} 1237 } 1238 }, 1239 {1, 1, 3, 0, /* 0xa3 */ 1240 {{0, 1}, 1241 {5, 5}, 1242 {7, 7}, 1243 {0, 0} 1244 } 1245 }, 1246 {0, 1, 3, 0, /* 0xa4 */ 1247 {{2, 2}, 1248 {5, 5}, 1249 {7, 7}, 1250 {0, 0} 1251 } 1252 }, 1253 {1, 1, 4, 0, /* 0xa5 */ 1254 {{0, 0}, 1255 {2, 2}, 1256 {5, 5}, 1257 {7, 7} 1258 } 1259 }, 1260 {0, 1, 3, 0, /* 0xa6 */ 1261 {{1, 2}, 1262 {5, 5}, 1263 {7, 7}, 1264 {0, 0} 1265 } 1266 }, 1267 {1, 1, 3, 0, /* 0xa7 */ 1268 {{0, 2}, 1269 {5, 5}, 1270 {7, 7}, 1271 {0, 0} 1272 } 1273 }, 1274 {0, 1, 3, 0, /* 0xa8 */ 1275 {{3, 3}, 1276 {5, 5}, 1277 {7, 7}, 1278 {0, 0} 1279 } 1280 }, 1281 {1, 1, 4, 0, /* 0xa9 */ 1282 {{0, 0}, 1283 {3, 3}, 1284 {5, 5}, 1285 {7, 7} 1286 } 1287 }, 1288 {0, 1, 4, 0, /* 0xaa */ 1289 {{1, 1}, 1290 {3, 3}, 1291 {5, 5}, 1292 {7, 7} 1293 } 1294 }, 1295 {1, 1, 4, 0, /* 0xab */ 1296 {{0, 1}, 1297 {3, 3}, 1298 {5, 5}, 1299 {7, 7} 1300 } 1301 }, 1302 {0, 1, 3, 0, /* 0xac */ 1303 {{2, 3}, 1304 {5, 5}, 1305 {7, 7}, 1306 {0, 0} 1307 } 1308 }, 1309 {1, 1, 4, 0, /* 0xad */ 1310 {{0, 0}, 1311 {2, 3}, 1312 {5, 5}, 1313 {7, 7} 1314 } 1315 }, 1316 {0, 1, 3, 0, /* 0xae */ 1317 {{1, 3}, 1318 {5, 5}, 1319 {7, 7}, 1320 {0, 0} 1321 } 1322 }, 1323 {1, 1, 3, 0, /* 0xaf */ 1324 {{0, 3}, 1325 {5, 5}, 1326 {7, 7}, 1327 {0, 0} 1328 } 1329 }, 1330 {0, 1, 2, 0, /* 0xb0 */ 1331 {{4, 5}, 1332 {7, 7}, 1333 {0, 0}, 1334 {0, 0} 1335 } 1336 }, 1337 {1, 1, 3, 0, /* 0xb1 */ 1338 {{0, 0}, 1339 {4, 5}, 1340 {7, 7}, 1341 {0, 0} 1342 } 1343 }, 1344 {0, 1, 3, 0, /* 0xb2 */ 1345 {{1, 1}, 1346 {4, 5}, 1347 {7, 7}, 1348 {0, 0} 1349 } 1350 }, 1351 {1, 1, 3, 0, /* 0xb3 */ 1352 {{0, 1}, 1353 {4, 5}, 1354 {7, 7}, 1355 {0, 0} 1356 } 1357 }, 1358 {0, 1, 3, 0, /* 0xb4 */ 1359 {{2, 2}, 1360 {4, 5}, 1361 {7, 7}, 1362 {0, 0} 1363 } 1364 }, 1365 {1, 1, 4, 0, /* 0xb5 */ 1366 {{0, 0}, 1367 {2, 2}, 1368 {4, 5}, 1369 {7, 7} 1370 } 1371 }, 1372 {0, 1, 3, 0, /* 0xb6 */ 1373 {{1, 2}, 1374 {4, 5}, 1375 {7, 7}, 1376 {0, 0} 1377 } 1378 }, 1379 {1, 1, 3, 0, /* 0xb7 */ 1380 {{0, 2}, 1381 {4, 5}, 1382 {7, 7}, 1383 {0, 0} 1384 } 1385 }, 1386 {0, 1, 2, 0, /* 0xb8 */ 1387 {{3, 5}, 1388 {7, 7}, 1389 {0, 0}, 1390 {0, 0} 1391 } 1392 }, 1393 {1, 1, 3, 0, /* 0xb9 */ 1394 {{0, 0}, 1395 {3, 5}, 1396 {7, 7}, 1397 {0, 0} 1398 } 1399 }, 1400 {0, 1, 3, 0, /* 0xba */ 1401 {{1, 1}, 1402 {3, 5}, 1403 {7, 7}, 1404 {0, 0} 1405 } 1406 }, 1407 {1, 1, 3, 0, /* 0xbb */ 1408 {{0, 1}, 1409 {3, 5}, 1410 {7, 7}, 1411 {0, 0} 1412 } 1413 }, 1414 {0, 1, 2, 0, /* 0xbc */ 1415 {{2, 5}, 1416 {7, 7}, 1417 {0, 0}, 1418 {0, 0} 1419 } 1420 }, 1421 {1, 1, 3, 0, /* 0xbd */ 1422 {{0, 0}, 1423 {2, 5}, 1424 {7, 7}, 1425 {0, 0} 1426 } 1427 }, 1428 {0, 1, 2, 0, /* 0xbe */ 1429 {{1, 5}, 1430 {7, 7}, 1431 {0, 0}, 1432 {0, 0} 1433 } 1434 }, 1435 {1, 1, 2, 0, /* 0xbf */ 1436 {{0, 5}, 1437 {7, 7}, 1438 {0, 0}, 1439 {0, 0} 1440 } 1441 }, 1442 {0, 1, 1, 0, /* 0xc0 */ 1443 {{6, 7}, 1444 {0, 0}, 1445 {0, 0}, 1446 {0, 0} 1447 } 1448 }, 1449 {1, 1, 2, 0, /* 0xc1 */ 1450 {{0, 0}, 1451 {6, 7}, 1452 {0, 0}, 1453 {0, 0} 1454 } 1455 }, 1456 {0, 1, 2, 0, /* 0xc2 */ 1457 {{1, 1}, 1458 {6, 7}, 1459 {0, 0}, 1460 {0, 0} 1461 } 1462 }, 1463 {1, 1, 2, 0, /* 0xc3 */ 1464 {{0, 1}, 1465 {6, 7}, 1466 {0, 0}, 1467 {0, 0} 1468 } 1469 }, 1470 {0, 1, 2, 0, /* 0xc4 */ 1471 {{2, 2}, 1472 {6, 7}, 1473 {0, 0}, 1474 {0, 0} 1475 } 1476 }, 1477 {1, 1, 3, 0, /* 0xc5 */ 1478 {{0, 0}, 1479 {2, 2}, 1480 {6, 7}, 1481 {0, 0} 1482 } 1483 }, 1484 {0, 1, 2, 0, /* 0xc6 */ 1485 {{1, 2}, 1486 {6, 7}, 1487 {0, 0}, 1488 {0, 0} 1489 } 1490 }, 1491 {1, 1, 2, 0, /* 0xc7 */ 1492 {{0, 2}, 1493 {6, 7}, 1494 {0, 0}, 1495 {0, 0} 1496 } 1497 }, 1498 {0, 1, 2, 0, /* 0xc8 */ 1499 {{3, 3}, 1500 {6, 7}, 1501 {0, 0}, 1502 {0, 0} 1503 } 1504 }, 1505 {1, 1, 3, 0, /* 0xc9 */ 1506 {{0, 0}, 1507 {3, 3}, 1508 {6, 7}, 1509 {0, 0} 1510 } 1511 }, 1512 {0, 1, 3, 0, /* 0xca */ 1513 {{1, 1}, 1514 {3, 3}, 1515 {6, 7}, 1516 {0, 0} 1517 } 1518 }, 1519 {1, 1, 3, 0, /* 0xcb */ 1520 {{0, 1}, 1521 {3, 3}, 1522 {6, 7}, 1523 {0, 0} 1524 } 1525 }, 1526 {0, 1, 2, 0, /* 0xcc */ 1527 {{2, 3}, 1528 {6, 7}, 1529 {0, 0}, 1530 {0, 0} 1531 } 1532 }, 1533 {1, 1, 3, 0, /* 0xcd */ 1534 {{0, 0}, 1535 {2, 3}, 1536 {6, 7}, 1537 {0, 0} 1538 } 1539 }, 1540 {0, 1, 2, 0, /* 0xce */ 1541 {{1, 3}, 1542 {6, 7}, 1543 {0, 0}, 1544 {0, 0} 1545 } 1546 }, 1547 {1, 1, 2, 0, /* 0xcf */ 1548 {{0, 3}, 1549 {6, 7}, 1550 {0, 0}, 1551 {0, 0} 1552 } 1553 }, 1554 {0, 1, 2, 0, /* 0xd0 */ 1555 {{4, 4}, 1556 {6, 7}, 1557 {0, 0}, 1558 {0, 0} 1559 } 1560 }, 1561 {1, 1, 3, 0, /* 0xd1 */ 1562 {{0, 0}, 1563 {4, 4}, 1564 {6, 7}, 1565 {0, 0} 1566 } 1567 }, 1568 {0, 1, 3, 0, /* 0xd2 */ 1569 {{1, 1}, 1570 {4, 4}, 1571 {6, 7}, 1572 {0, 0} 1573 } 1574 }, 1575 {1, 1, 3, 0, /* 0xd3 */ 1576 {{0, 1}, 1577 {4, 4}, 1578 {6, 7}, 1579 {0, 0} 1580 } 1581 }, 1582 {0, 1, 3, 0, /* 0xd4 */ 1583 {{2, 2}, 1584 {4, 4}, 1585 {6, 7}, 1586 {0, 0} 1587 } 1588 }, 1589 {1, 1, 4, 0, /* 0xd5 */ 1590 {{0, 0}, 1591 {2, 2}, 1592 {4, 4}, 1593 {6, 7} 1594 } 1595 }, 1596 {0, 1, 3, 0, /* 0xd6 */ 1597 {{1, 2}, 1598 {4, 4}, 1599 {6, 7}, 1600 {0, 0} 1601 } 1602 }, 1603 {1, 1, 3, 0, /* 0xd7 */ 1604 {{0, 2}, 1605 {4, 4}, 1606 {6, 7}, 1607 {0, 0} 1608 } 1609 }, 1610 {0, 1, 2, 0, /* 0xd8 */ 1611 {{3, 4}, 1612 {6, 7}, 1613 {0, 0}, 1614 {0, 0} 1615 } 1616 }, 1617 {1, 1, 3, 0, /* 0xd9 */ 1618 {{0, 0}, 1619 {3, 4}, 1620 {6, 7}, 1621 {0, 0} 1622 } 1623 }, 1624 {0, 1, 3, 0, /* 0xda */ 1625 {{1, 1}, 1626 {3, 4}, 1627 {6, 7}, 1628 {0, 0} 1629 } 1630 }, 1631 {1, 1, 3, 0, /* 0xdb */ 1632 {{0, 1}, 1633 {3, 4}, 1634 {6, 7}, 1635 {0, 0} 1636 } 1637 }, 1638 {0, 1, 2, 0, /* 0xdc */ 1639 {{2, 4}, 1640 {6, 7}, 1641 {0, 0}, 1642 {0, 0} 1643 } 1644 }, 1645 {1, 1, 3, 0, /* 0xdd */ 1646 {{0, 0}, 1647 {2, 4}, 1648 {6, 7}, 1649 {0, 0} 1650 } 1651 }, 1652 {0, 1, 2, 0, /* 0xde */ 1653 {{1, 4}, 1654 {6, 7}, 1655 {0, 0}, 1656 {0, 0} 1657 } 1658 }, 1659 {1, 1, 2, 0, /* 0xdf */ 1660 {{0, 4}, 1661 {6, 7}, 1662 {0, 0}, 1663 {0, 0} 1664 } 1665 }, 1666 {0, 1, 1, 0, /* 0xe0 */ 1667 {{5, 7}, 1668 {0, 0}, 1669 {0, 0}, 1670 {0, 0} 1671 } 1672 }, 1673 {1, 1, 2, 0, /* 0xe1 */ 1674 {{0, 0}, 1675 {5, 7}, 1676 {0, 0}, 1677 {0, 0} 1678 } 1679 }, 1680 {0, 1, 2, 0, /* 0xe2 */ 1681 {{1, 1}, 1682 {5, 7}, 1683 {0, 0}, 1684 {0, 0} 1685 } 1686 }, 1687 {1, 1, 2, 0, /* 0xe3 */ 1688 {{0, 1}, 1689 {5, 7}, 1690 {0, 0}, 1691 {0, 0} 1692 } 1693 }, 1694 {0, 1, 2, 0, /* 0xe4 */ 1695 {{2, 2}, 1696 {5, 7}, 1697 {0, 0}, 1698 {0, 0} 1699 } 1700 }, 1701 {1, 1, 3, 0, /* 0xe5 */ 1702 {{0, 0}, 1703 {2, 2}, 1704 {5, 7}, 1705 {0, 0} 1706 } 1707 }, 1708 {0, 1, 2, 0, /* 0xe6 */ 1709 {{1, 2}, 1710 {5, 7}, 1711 {0, 0}, 1712 {0, 0} 1713 } 1714 }, 1715 {1, 1, 2, 0, /* 0xe7 */ 1716 {{0, 2}, 1717 {5, 7}, 1718 {0, 0}, 1719 {0, 0} 1720 } 1721 }, 1722 {0, 1, 2, 0, /* 0xe8 */ 1723 {{3, 3}, 1724 {5, 7}, 1725 {0, 0}, 1726 {0, 0} 1727 } 1728 }, 1729 {1, 1, 3, 0, /* 0xe9 */ 1730 {{0, 0}, 1731 {3, 3}, 1732 {5, 7}, 1733 {0, 0} 1734 } 1735 }, 1736 {0, 1, 3, 0, /* 0xea */ 1737 {{1, 1}, 1738 {3, 3}, 1739 {5, 7}, 1740 {0, 0} 1741 } 1742 }, 1743 {1, 1, 3, 0, /* 0xeb */ 1744 {{0, 1}, 1745 {3, 3}, 1746 {5, 7}, 1747 {0, 0} 1748 } 1749 }, 1750 {0, 1, 2, 0, /* 0xec */ 1751 {{2, 3}, 1752 {5, 7}, 1753 {0, 0}, 1754 {0, 0} 1755 } 1756 }, 1757 {1, 1, 3, 0, /* 0xed */ 1758 {{0, 0}, 1759 {2, 3}, 1760 {5, 7}, 1761 {0, 0} 1762 } 1763 }, 1764 {0, 1, 2, 0, /* 0xee */ 1765 {{1, 3}, 1766 {5, 7}, 1767 {0, 0}, 1768 {0, 0} 1769 } 1770 }, 1771 {1, 1, 2, 0, /* 0xef */ 1772 {{0, 3}, 1773 {5, 7}, 1774 {0, 0}, 1775 {0, 0} 1776 } 1777 }, 1778 {0, 1, 1, 0, /* 0xf0 */ 1779 {{4, 7}, 1780 {0, 0}, 1781 {0, 0}, 1782 {0, 0} 1783 } 1784 }, 1785 {1, 1, 2, 0, /* 0xf1 */ 1786 {{0, 0}, 1787 {4, 7}, 1788 {0, 0}, 1789 {0, 0} 1790 } 1791 }, 1792 {0, 1, 2, 0, /* 0xf2 */ 1793 {{1, 1}, 1794 {4, 7}, 1795 {0, 0}, 1796 {0, 0} 1797 } 1798 }, 1799 {1, 1, 2, 0, /* 0xf3 */ 1800 {{0, 1}, 1801 {4, 7}, 1802 {0, 0}, 1803 {0, 0} 1804 } 1805 }, 1806 {0, 1, 2, 0, /* 0xf4 */ 1807 {{2, 2}, 1808 {4, 7}, 1809 {0, 0}, 1810 {0, 0} 1811 } 1812 }, 1813 {1, 1, 3, 0, /* 0xf5 */ 1814 {{0, 0}, 1815 {2, 2}, 1816 {4, 7}, 1817 {0, 0} 1818 } 1819 }, 1820 {0, 1, 2, 0, /* 0xf6 */ 1821 {{1, 2}, 1822 {4, 7}, 1823 {0, 0}, 1824 {0, 0} 1825 } 1826 }, 1827 {1, 1, 2, 0, /* 0xf7 */ 1828 {{0, 2}, 1829 {4, 7}, 1830 {0, 0}, 1831 {0, 0} 1832 } 1833 }, 1834 {0, 1, 1, 0, /* 0xf8 */ 1835 {{3, 7}, 1836 {0, 0}, 1837 {0, 0}, 1838 {0, 0} 1839 } 1840 }, 1841 {1, 1, 2, 0, /* 0xf9 */ 1842 {{0, 0}, 1843 {3, 7}, 1844 {0, 0}, 1845 {0, 0} 1846 } 1847 }, 1848 {0, 1, 2, 0, /* 0xfa */ 1849 {{1, 1}, 1850 {3, 7}, 1851 {0, 0}, 1852 {0, 0} 1853 } 1854 }, 1855 {1, 1, 2, 0, /* 0xfb */ 1856 {{0, 1}, 1857 {3, 7}, 1858 {0, 0}, 1859 {0, 0} 1860 } 1861 }, 1862 {0, 1, 1, 0, /* 0xfc */ 1863 {{2, 7}, 1864 {0, 0}, 1865 {0, 0}, 1866 {0, 0} 1867 } 1868 }, 1869 {1, 1, 2, 0, /* 0xfd */ 1870 {{0, 0}, 1871 {2, 7}, 1872 {0, 0}, 1873 {0, 0} 1874 } 1875 }, 1876 {0, 1, 1, 0, /* 0xfe */ 1877 {{1, 7}, 1878 {0, 0}, 1879 {0, 0}, 1880 {0, 0} 1881 } 1882 }, 1883 {1, 1, 1, 0, /* 0xff */ 1884 {{0, 7}, 1885 {0, 0}, 1886 {0, 0}, 1887 {0, 0} 1888 } 1889 } 1890}; 1891 1892 1893int 1894sctp_is_address_in_scope(struct sctp_ifa *ifa, 1895 struct sctp_scoping *scope, 1896 int do_update) 1897{ 1898 if ((scope->loopback_scope == 0) && 1899 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) { 1900 /* 1901 * skip loopback if not in scope * 1902 */ 1903 return (0); 1904 } 1905 switch (ifa->address.sa.sa_family) { 1906#ifdef INET 1907 case AF_INET: 1908 if (scope->ipv4_addr_legal) { 1909 struct sockaddr_in *sin; 1910 1911 sin = &ifa->address.sin; 1912 if (sin->sin_addr.s_addr == 0) { 1913 /* not in scope , unspecified */ 1914 return (0); 1915 } 1916 if ((scope->ipv4_local_scope == 0) && 1917 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1918 /* private address not in scope */ 1919 return (0); 1920 } 1921 } else { 1922 return (0); 1923 } 1924 break; 1925#endif 1926#ifdef INET6 1927 case AF_INET6: 1928 if (scope->ipv6_addr_legal) { 1929 struct sockaddr_in6 *sin6; 1930 1931#if !defined(__Panda__) 1932 /* Must update the flags, bummer, which 1933 * means any IFA locks must now be applied HERE <-> 1934 */ 1935 if (do_update) { 1936 sctp_gather_internal_ifa_flags(ifa); 1937 } 1938#endif 1939 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1940 return (0); 1941 } 1942 /* ok to use deprecated addresses? */ 1943 sin6 = &ifa->address.sin6; 1944 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1945 /* skip unspecifed addresses */ 1946 return (0); 1947 } 1948 if ( /* (local_scope == 0) && */ 1949 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1950 return (0); 1951 } 1952 if ((scope->site_scope == 0) && 1953 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1954 return (0); 1955 } 1956 } else { 1957 return (0); 1958 } 1959 break; 1960#endif 1961#if defined(__Userspace__) 1962 case AF_CONN: 1963 if (!scope->conn_addr_legal) { 1964 return (0); 1965 } 1966 break; 1967#endif 1968 default: 1969 return (0); 1970 } 1971 return (1); 1972} 1973 1974static struct mbuf * 1975sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa, uint16_t *len) 1976{ 1977#if defined(INET) || defined(INET6) 1978 struct sctp_paramhdr *parmh; 1979 struct mbuf *mret; 1980 uint16_t plen; 1981#endif 1982 1983 switch (ifa->address.sa.sa_family) { 1984#ifdef INET 1985 case AF_INET: 1986 plen = (uint16_t)sizeof(struct sctp_ipv4addr_param); 1987 break; 1988#endif 1989#ifdef INET6 1990 case AF_INET6: 1991 plen = (uint16_t)sizeof(struct sctp_ipv6addr_param); 1992 break; 1993#endif 1994 default: 1995 return (m); 1996 } 1997#if defined(INET) || defined(INET6) 1998 if (M_TRAILINGSPACE(m) >= plen) { 1999 /* easy side we just drop it on the end */ 2000 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 2001 mret = m; 2002 } else { 2003 /* Need more space */ 2004 mret = m; 2005 while (SCTP_BUF_NEXT(mret) != NULL) { 2006 mret = SCTP_BUF_NEXT(mret); 2007 } 2008 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(plen, 0, M_NOWAIT, 1, MT_DATA); 2009 if (SCTP_BUF_NEXT(mret) == NULL) { 2010 /* We are hosed, can't add more addresses */ 2011 return (m); 2012 } 2013 mret = SCTP_BUF_NEXT(mret); 2014 parmh = mtod(mret, struct sctp_paramhdr *); 2015 } 2016 /* now add the parameter */ 2017 switch (ifa->address.sa.sa_family) { 2018#ifdef INET 2019 case AF_INET: 2020 { 2021 struct sctp_ipv4addr_param *ipv4p; 2022 struct sockaddr_in *sin; 2023 2024 sin = &ifa->address.sin; 2025 ipv4p = (struct sctp_ipv4addr_param *)parmh; 2026 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 2027 parmh->param_length = htons(plen); 2028 ipv4p->addr = sin->sin_addr.s_addr; 2029 SCTP_BUF_LEN(mret) += plen; 2030 break; 2031 } 2032#endif 2033#ifdef INET6 2034 case AF_INET6: 2035 { 2036 struct sctp_ipv6addr_param *ipv6p; 2037 struct sockaddr_in6 *sin6; 2038 2039 sin6 = &ifa->address.sin6; 2040 ipv6p = (struct sctp_ipv6addr_param *)parmh; 2041 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 2042 parmh->param_length = htons(plen); 2043 memcpy(ipv6p->addr, &sin6->sin6_addr, 2044 sizeof(ipv6p->addr)); 2045#if defined(SCTP_EMBEDDED_V6_SCOPE) 2046 /* clear embedded scope in the address */ 2047 in6_clearscope((struct in6_addr *)ipv6p->addr); 2048#endif 2049 SCTP_BUF_LEN(mret) += plen; 2050 break; 2051 } 2052#endif 2053 default: 2054 return (m); 2055 } 2056 if (len != NULL) { 2057 *len += plen; 2058 } 2059 return (mret); 2060#endif 2061} 2062 2063 2064struct mbuf * 2065sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2066 struct sctp_scoping *scope, 2067 struct mbuf *m_at, int cnt_inits_to, 2068 uint16_t *padding_len, uint16_t *chunk_len) 2069{ 2070 struct sctp_vrf *vrf = NULL; 2071 int cnt, limit_out = 0, total_count; 2072 uint32_t vrf_id; 2073 2074 vrf_id = inp->def_vrf_id; 2075 SCTP_IPI_ADDR_RLOCK(); 2076 vrf = sctp_find_vrf(vrf_id); 2077 if (vrf == NULL) { 2078 SCTP_IPI_ADDR_RUNLOCK(); 2079 return (m_at); 2080 } 2081 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2082 struct sctp_ifa *sctp_ifap; 2083 struct sctp_ifn *sctp_ifnp; 2084 2085 cnt = cnt_inits_to; 2086 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) { 2087 limit_out = 1; 2088 cnt = SCTP_ADDRESS_LIMIT; 2089 goto skip_count; 2090 } 2091 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2092 if ((scope->loopback_scope == 0) && 2093 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2094 /* 2095 * Skip loopback devices if loopback_scope 2096 * not set 2097 */ 2098 continue; 2099 } 2100 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2101#if defined(__FreeBSD__) 2102#ifdef INET 2103 if ((sctp_ifap->address.sa.sa_family == AF_INET) && 2104 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2105 &sctp_ifap->address.sin.sin_addr) != 0)) { 2106 continue; 2107 } 2108#endif 2109#ifdef INET6 2110 if ((sctp_ifap->address.sa.sa_family == AF_INET6) && 2111 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2112 &sctp_ifap->address.sin6.sin6_addr) != 0)) { 2113 continue; 2114 } 2115#endif 2116#endif 2117 if (sctp_is_addr_restricted(stcb, sctp_ifap)) { 2118 continue; 2119 } 2120#if defined(__Userspace__) 2121 if (sctp_ifap->address.sa.sa_family == AF_CONN) { 2122 continue; 2123 } 2124#endif 2125 if (sctp_is_address_in_scope(sctp_ifap, scope, 1) == 0) { 2126 continue; 2127 } 2128 cnt++; 2129 if (cnt > SCTP_ADDRESS_LIMIT) { 2130 break; 2131 } 2132 } 2133 if (cnt > SCTP_ADDRESS_LIMIT) { 2134 break; 2135 } 2136 } 2137 skip_count: 2138 if (cnt > 1) { 2139 total_count = 0; 2140 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2141 cnt = 0; 2142 if ((scope->loopback_scope == 0) && 2143 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2144 /* 2145 * Skip loopback devices if 2146 * loopback_scope not set 2147 */ 2148 continue; 2149 } 2150 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2151#if defined(__FreeBSD__) 2152#ifdef INET 2153 if ((sctp_ifap->address.sa.sa_family == AF_INET) && 2154 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2155 &sctp_ifap->address.sin.sin_addr) != 0)) { 2156 continue; 2157 } 2158#endif 2159#ifdef INET6 2160 if ((sctp_ifap->address.sa.sa_family == AF_INET6) && 2161 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2162 &sctp_ifap->address.sin6.sin6_addr) != 0)) { 2163 continue; 2164 } 2165#endif 2166#endif 2167 if (sctp_is_addr_restricted(stcb, sctp_ifap)) { 2168 continue; 2169 } 2170#if defined(__Userspace__) 2171 if (sctp_ifap->address.sa.sa_family == AF_CONN) { 2172 continue; 2173 } 2174#endif 2175 if (sctp_is_address_in_scope(sctp_ifap, 2176 scope, 0) == 0) { 2177 continue; 2178 } 2179 if ((chunk_len != NULL) && 2180 (padding_len != NULL) && 2181 (*padding_len > 0)) { 2182 memset(mtod(m_at, caddr_t) + *chunk_len, 0, *padding_len); 2183 SCTP_BUF_LEN(m_at) += *padding_len; 2184 *chunk_len += *padding_len; 2185 *padding_len = 0; 2186 } 2187 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap, chunk_len); 2188 if (limit_out) { 2189 cnt++; 2190 total_count++; 2191 if (cnt >= 2) { 2192 /* two from each address */ 2193 break; 2194 } 2195 if (total_count > SCTP_ADDRESS_LIMIT) { 2196 /* No more addresses */ 2197 break; 2198 } 2199 } 2200 } 2201 } 2202 } 2203 } else { 2204 struct sctp_laddr *laddr; 2205 2206 cnt = cnt_inits_to; 2207 /* First, how many ? */ 2208 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2209 if (laddr->ifa == NULL) { 2210 continue; 2211 } 2212 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2213 /* Address being deleted by the system, dont 2214 * list. 2215 */ 2216 continue; 2217 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2218 /* Address being deleted on this ep 2219 * don't list. 2220 */ 2221 continue; 2222 } 2223#if defined(__Userspace__) 2224 if (laddr->ifa->address.sa.sa_family == AF_CONN) { 2225 continue; 2226 } 2227#endif 2228 if (sctp_is_address_in_scope(laddr->ifa, 2229 scope, 1) == 0) { 2230 continue; 2231 } 2232 cnt++; 2233 } 2234 /* 2235 * To get through a NAT we only list addresses if we have 2236 * more than one. That way if you just bind a single address 2237 * we let the source of the init dictate our address. 2238 */ 2239 if (cnt > 1) { 2240 cnt = cnt_inits_to; 2241 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2242 if (laddr->ifa == NULL) { 2243 continue; 2244 } 2245 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 2246 continue; 2247 } 2248#if defined(__Userspace__) 2249 if (laddr->ifa->address.sa.sa_family == AF_CONN) { 2250 continue; 2251 } 2252#endif 2253 if (sctp_is_address_in_scope(laddr->ifa, 2254 scope, 0) == 0) { 2255 continue; 2256 } 2257 if ((chunk_len != NULL) && 2258 (padding_len != NULL) && 2259 (*padding_len > 0)) { 2260 memset(mtod(m_at, caddr_t) + *chunk_len, 0, *padding_len); 2261 SCTP_BUF_LEN(m_at) += *padding_len; 2262 *chunk_len += *padding_len; 2263 *padding_len = 0; 2264 } 2265 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa, chunk_len); 2266 cnt++; 2267 if (cnt >= SCTP_ADDRESS_LIMIT) { 2268 break; 2269 } 2270 } 2271 } 2272 } 2273 SCTP_IPI_ADDR_RUNLOCK(); 2274 return (m_at); 2275} 2276 2277static struct sctp_ifa * 2278sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa, 2279 uint8_t dest_is_loop, 2280 uint8_t dest_is_priv, 2281 sa_family_t fam) 2282{ 2283 uint8_t dest_is_global = 0; 2284 /* dest_is_priv is true if destination is a private address */ 2285 /* dest_is_loop is true if destination is a loopback addresses */ 2286 2287 /** 2288 * Here we determine if its a preferred address. A preferred address 2289 * means it is the same scope or higher scope then the destination. 2290 * L = loopback, P = private, G = global 2291 * ----------------------------------------- 2292 * src | dest | result 2293 * ---------------------------------------- 2294 * L | L | yes 2295 * ----------------------------------------- 2296 * P | L | yes-v4 no-v6 2297 * ----------------------------------------- 2298 * G | L | yes-v4 no-v6 2299 * ----------------------------------------- 2300 * L | P | no 2301 * ----------------------------------------- 2302 * P | P | yes 2303 * ----------------------------------------- 2304 * G | P | no 2305 * ----------------------------------------- 2306 * L | G | no 2307 * ----------------------------------------- 2308 * P | G | no 2309 * ----------------------------------------- 2310 * G | G | yes 2311 * ----------------------------------------- 2312 */ 2313 2314 if (ifa->address.sa.sa_family != fam) { 2315 /* forget mis-matched family */ 2316 return (NULL); 2317 } 2318 if ((dest_is_priv == 0) && (dest_is_loop == 0)) { 2319 dest_is_global = 1; 2320 } 2321 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:"); 2322 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa); 2323 /* Ok the address may be ok */ 2324#ifdef INET6 2325 if (fam == AF_INET6) { 2326 /* ok to use deprecated addresses? no lets not! */ 2327 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2328 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n"); 2329 return (NULL); 2330 } 2331 if (ifa->src_is_priv && !ifa->src_is_loop) { 2332 if (dest_is_loop) { 2333 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n"); 2334 return (NULL); 2335 } 2336 } 2337 if (ifa->src_is_glob) { 2338 if (dest_is_loop) { 2339 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n"); 2340 return (NULL); 2341 } 2342 } 2343 } 2344#endif 2345 /* Now that we know what is what, implement or table 2346 * this could in theory be done slicker (it used to be), but this 2347 * is straightforward and easier to validate :-) 2348 */ 2349 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n", 2350 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob); 2351 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n", 2352 dest_is_loop, dest_is_priv, dest_is_global); 2353 2354 if ((ifa->src_is_loop) && (dest_is_priv)) { 2355 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n"); 2356 return (NULL); 2357 } 2358 if ((ifa->src_is_glob) && (dest_is_priv)) { 2359 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n"); 2360 return (NULL); 2361 } 2362 if ((ifa->src_is_loop) && (dest_is_global)) { 2363 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n"); 2364 return (NULL); 2365 } 2366 if ((ifa->src_is_priv) && (dest_is_global)) { 2367 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n"); 2368 return (NULL); 2369 } 2370 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n"); 2371 /* its a preferred address */ 2372 return (ifa); 2373} 2374 2375static struct sctp_ifa * 2376sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa, 2377 uint8_t dest_is_loop, 2378 uint8_t dest_is_priv, 2379 sa_family_t fam) 2380{ 2381 uint8_t dest_is_global = 0; 2382 2383 /** 2384 * Here we determine if its a acceptable address. A acceptable 2385 * address means it is the same scope or higher scope but we can 2386 * allow for NAT which means its ok to have a global dest and a 2387 * private src. 2388 * 2389 * L = loopback, P = private, G = global 2390 * ----------------------------------------- 2391 * src | dest | result 2392 * ----------------------------------------- 2393 * L | L | yes 2394 * ----------------------------------------- 2395 * P | L | yes-v4 no-v6 2396 * ----------------------------------------- 2397 * G | L | yes 2398 * ----------------------------------------- 2399 * L | P | no 2400 * ----------------------------------------- 2401 * P | P | yes 2402 * ----------------------------------------- 2403 * G | P | yes - May not work 2404 * ----------------------------------------- 2405 * L | G | no 2406 * ----------------------------------------- 2407 * P | G | yes - May not work 2408 * ----------------------------------------- 2409 * G | G | yes 2410 * ----------------------------------------- 2411 */ 2412 2413 if (ifa->address.sa.sa_family != fam) { 2414 /* forget non matching family */ 2415 SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa_fam:%d fam:%d\n", 2416 ifa->address.sa.sa_family, fam); 2417 return (NULL); 2418 } 2419 /* Ok the address may be ok */ 2420 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, &ifa->address.sa); 2421 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst_is_loop:%d dest_is_priv:%d\n", 2422 dest_is_loop, dest_is_priv); 2423 if ((dest_is_loop == 0) && (dest_is_priv == 0)) { 2424 dest_is_global = 1; 2425 } 2426#ifdef INET6 2427 if (fam == AF_INET6) { 2428 /* ok to use deprecated addresses? */ 2429 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2430 return (NULL); 2431 } 2432 if (ifa->src_is_priv) { 2433 /* Special case, linklocal to loop */ 2434 if (dest_is_loop) 2435 return (NULL); 2436 } 2437 } 2438#endif 2439 /* 2440 * Now that we know what is what, implement our table. 2441 * This could in theory be done slicker (it used to be), but this 2442 * is straightforward and easier to validate :-) 2443 */ 2444 SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_priv:%d\n", 2445 ifa->src_is_loop, 2446 dest_is_priv); 2447 if ((ifa->src_is_loop == 1) && (dest_is_priv)) { 2448 return (NULL); 2449 } 2450 SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_glob:%d\n", 2451 ifa->src_is_loop, 2452 dest_is_global); 2453 if ((ifa->src_is_loop == 1) && (dest_is_global)) { 2454 return (NULL); 2455 } 2456 SCTPDBG(SCTP_DEBUG_OUTPUT3, "address is acceptable\n"); 2457 /* its an acceptable address */ 2458 return (ifa); 2459} 2460 2461int 2462sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 2463{ 2464 struct sctp_laddr *laddr; 2465 2466 if (stcb == NULL) { 2467 /* There are no restrictions, no TCB :-) */ 2468 return (0); 2469 } 2470 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 2471 if (laddr->ifa == NULL) { 2472 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2473 __FUNCTION__); 2474 continue; 2475 } 2476 if (laddr->ifa == ifa) { 2477 /* Yes it is on the list */ 2478 return (1); 2479 } 2480 } 2481 return (0); 2482} 2483 2484 2485int 2486sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 2487{ 2488 struct sctp_laddr *laddr; 2489 2490 if (ifa == NULL) 2491 return (0); 2492 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2493 if (laddr->ifa == NULL) { 2494 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2495 __FUNCTION__); 2496 continue; 2497 } 2498 if ((laddr->ifa == ifa) && laddr->action == 0) 2499 /* same pointer */ 2500 return (1); 2501 } 2502 return (0); 2503} 2504 2505 2506 2507static struct sctp_ifa * 2508sctp_choose_boundspecific_inp(struct sctp_inpcb *inp, 2509 sctp_route_t *ro, 2510 uint32_t vrf_id, 2511 int non_asoc_addr_ok, 2512 uint8_t dest_is_priv, 2513 uint8_t dest_is_loop, 2514 sa_family_t fam) 2515{ 2516 struct sctp_laddr *laddr, *starting_point; 2517 void *ifn; 2518 int resettotop = 0; 2519 struct sctp_ifn *sctp_ifn; 2520 struct sctp_ifa *sctp_ifa, *sifa; 2521 struct sctp_vrf *vrf; 2522 uint32_t ifn_index; 2523 2524 vrf = sctp_find_vrf(vrf_id); 2525 if (vrf == NULL) 2526 return (NULL); 2527 2528 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2529 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2530 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2531 /* 2532 * first question, is the ifn we will emit on in our list, if so, we 2533 * want such an address. Note that we first looked for a 2534 * preferred address. 2535 */ 2536 if (sctp_ifn) { 2537 /* is a preferred one on the interface we route out? */ 2538 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2539#if defined(__FreeBSD__) 2540#ifdef INET 2541 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 2542 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2543 &sctp_ifa->address.sin.sin_addr) != 0)) { 2544 continue; 2545 } 2546#endif 2547#ifdef INET6 2548 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 2549 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2550 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 2551 continue; 2552 } 2553#endif 2554#endif 2555 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2556 (non_asoc_addr_ok == 0)) 2557 continue; 2558 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, 2559 dest_is_loop, 2560 dest_is_priv, fam); 2561 if (sifa == NULL) 2562 continue; 2563 if (sctp_is_addr_in_ep(inp, sifa)) { 2564 atomic_add_int(&sifa->refcount, 1); 2565 return (sifa); 2566 } 2567 } 2568 } 2569 /* 2570 * ok, now we now need to find one on the list of the addresses. 2571 * We can't get one on the emitting interface so let's find first 2572 * a preferred one. If not that an acceptable one otherwise... 2573 * we return NULL. 2574 */ 2575 starting_point = inp->next_addr_touse; 2576 once_again: 2577 if (inp->next_addr_touse == NULL) { 2578 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2579 resettotop = 1; 2580 } 2581 for (laddr = inp->next_addr_touse; laddr; 2582 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2583 if (laddr->ifa == NULL) { 2584 /* address has been removed */ 2585 continue; 2586 } 2587 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2588 /* address is being deleted */ 2589 continue; 2590 } 2591 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, 2592 dest_is_priv, fam); 2593 if (sifa == NULL) 2594 continue; 2595 atomic_add_int(&sifa->refcount, 1); 2596 return (sifa); 2597 } 2598 if (resettotop == 0) { 2599 inp->next_addr_touse = NULL; 2600 goto once_again; 2601 } 2602 2603 inp->next_addr_touse = starting_point; 2604 resettotop = 0; 2605 once_again_too: 2606 if (inp->next_addr_touse == NULL) { 2607 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2608 resettotop = 1; 2609 } 2610 2611 /* ok, what about an acceptable address in the inp */ 2612 for (laddr = inp->next_addr_touse; laddr; 2613 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2614 if (laddr->ifa == NULL) { 2615 /* address has been removed */ 2616 continue; 2617 } 2618 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2619 /* address is being deleted */ 2620 continue; 2621 } 2622 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2623 dest_is_priv, fam); 2624 if (sifa == NULL) 2625 continue; 2626 atomic_add_int(&sifa->refcount, 1); 2627 return (sifa); 2628 } 2629 if (resettotop == 0) { 2630 inp->next_addr_touse = NULL; 2631 goto once_again_too; 2632 } 2633 2634 /* 2635 * no address bound can be a source for the destination we are in 2636 * trouble 2637 */ 2638 return (NULL); 2639} 2640 2641 2642 2643static struct sctp_ifa * 2644sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp, 2645 struct sctp_tcb *stcb, 2646 sctp_route_t *ro, 2647 uint32_t vrf_id, 2648 uint8_t dest_is_priv, 2649 uint8_t dest_is_loop, 2650 int non_asoc_addr_ok, 2651 sa_family_t fam) 2652{ 2653 struct sctp_laddr *laddr, *starting_point; 2654 void *ifn; 2655 struct sctp_ifn *sctp_ifn; 2656 struct sctp_ifa *sctp_ifa, *sifa; 2657 uint8_t start_at_beginning = 0; 2658 struct sctp_vrf *vrf; 2659 uint32_t ifn_index; 2660 2661 /* 2662 * first question, is the ifn we will emit on in our list, if so, we 2663 * want that one. 2664 */ 2665 vrf = sctp_find_vrf(vrf_id); 2666 if (vrf == NULL) 2667 return (NULL); 2668 2669 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2670 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2671 sctp_ifn = sctp_find_ifn( ifn, ifn_index); 2672 2673 /* 2674 * first question, is the ifn we will emit on in our list? If so, 2675 * we want that one. First we look for a preferred. Second, we go 2676 * for an acceptable. 2677 */ 2678 if (sctp_ifn) { 2679 /* first try for a preferred address on the ep */ 2680 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2681#if defined(__FreeBSD__) 2682#ifdef INET 2683 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 2684 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2685 &sctp_ifa->address.sin.sin_addr) != 0)) { 2686 continue; 2687 } 2688#endif 2689#ifdef INET6 2690 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 2691 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2692 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 2693 continue; 2694 } 2695#endif 2696#endif 2697 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2698 continue; 2699 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2700 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2701 if (sifa == NULL) 2702 continue; 2703 if (((non_asoc_addr_ok == 0) && 2704 (sctp_is_addr_restricted(stcb, sifa))) || 2705 (non_asoc_addr_ok && 2706 (sctp_is_addr_restricted(stcb, sifa)) && 2707 (!sctp_is_addr_pending(stcb, sifa)))) { 2708 /* on the no-no list */ 2709 continue; 2710 } 2711 atomic_add_int(&sifa->refcount, 1); 2712 return (sifa); 2713 } 2714 } 2715 /* next try for an acceptable address on the ep */ 2716 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2717#if defined(__FreeBSD__) 2718#ifdef INET 2719 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 2720 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2721 &sctp_ifa->address.sin.sin_addr) != 0)) { 2722 continue; 2723 } 2724#endif 2725#ifdef INET6 2726 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 2727 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2728 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 2729 continue; 2730 } 2731#endif 2732#endif 2733 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2734 continue; 2735 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2736 sifa= sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv,fam); 2737 if (sifa == NULL) 2738 continue; 2739 if (((non_asoc_addr_ok == 0) && 2740 (sctp_is_addr_restricted(stcb, sifa))) || 2741 (non_asoc_addr_ok && 2742 (sctp_is_addr_restricted(stcb, sifa)) && 2743 (!sctp_is_addr_pending(stcb, sifa)))) { 2744 /* on the no-no list */ 2745 continue; 2746 } 2747 atomic_add_int(&sifa->refcount, 1); 2748 return (sifa); 2749 } 2750 } 2751 2752 } 2753 /* 2754 * if we can't find one like that then we must look at all 2755 * addresses bound to pick one at first preferable then 2756 * secondly acceptable. 2757 */ 2758 starting_point = stcb->asoc.last_used_address; 2759 sctp_from_the_top: 2760 if (stcb->asoc.last_used_address == NULL) { 2761 start_at_beginning = 1; 2762 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2763 } 2764 /* search beginning with the last used address */ 2765 for (laddr = stcb->asoc.last_used_address; laddr; 2766 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2767 if (laddr->ifa == NULL) { 2768 /* address has been removed */ 2769 continue; 2770 } 2771 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2772 /* address is being deleted */ 2773 continue; 2774 } 2775 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2776 if (sifa == NULL) 2777 continue; 2778 if (((non_asoc_addr_ok == 0) && 2779 (sctp_is_addr_restricted(stcb, sifa))) || 2780 (non_asoc_addr_ok && 2781 (sctp_is_addr_restricted(stcb, sifa)) && 2782 (!sctp_is_addr_pending(stcb, sifa)))) { 2783 /* on the no-no list */ 2784 continue; 2785 } 2786 stcb->asoc.last_used_address = laddr; 2787 atomic_add_int(&sifa->refcount, 1); 2788 return (sifa); 2789 } 2790 if (start_at_beginning == 0) { 2791 stcb->asoc.last_used_address = NULL; 2792 goto sctp_from_the_top; 2793 } 2794 /* now try for any higher scope than the destination */ 2795 stcb->asoc.last_used_address = starting_point; 2796 start_at_beginning = 0; 2797 sctp_from_the_top2: 2798 if (stcb->asoc.last_used_address == NULL) { 2799 start_at_beginning = 1; 2800 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2801 } 2802 /* search beginning with the last used address */ 2803 for (laddr = stcb->asoc.last_used_address; laddr; 2804 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2805 if (laddr->ifa == NULL) { 2806 /* address has been removed */ 2807 continue; 2808 } 2809 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2810 /* address is being deleted */ 2811 continue; 2812 } 2813 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2814 dest_is_priv, fam); 2815 if (sifa == NULL) 2816 continue; 2817 if (((non_asoc_addr_ok == 0) && 2818 (sctp_is_addr_restricted(stcb, sifa))) || 2819 (non_asoc_addr_ok && 2820 (sctp_is_addr_restricted(stcb, sifa)) && 2821 (!sctp_is_addr_pending(stcb, sifa)))) { 2822 /* on the no-no list */ 2823 continue; 2824 } 2825 stcb->asoc.last_used_address = laddr; 2826 atomic_add_int(&sifa->refcount, 1); 2827 return (sifa); 2828 } 2829 if (start_at_beginning == 0) { 2830 stcb->asoc.last_used_address = NULL; 2831 goto sctp_from_the_top2; 2832 } 2833 return (NULL); 2834} 2835 2836static struct sctp_ifa * 2837sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn, 2838#if defined(__FreeBSD__) 2839 struct sctp_inpcb *inp, 2840#else 2841 struct sctp_inpcb *inp SCTP_UNUSED, 2842#endif 2843 struct sctp_tcb *stcb, 2844 int non_asoc_addr_ok, 2845 uint8_t dest_is_loop, 2846 uint8_t dest_is_priv, 2847 int addr_wanted, 2848 sa_family_t fam, 2849 sctp_route_t *ro 2850 ) 2851{ 2852 struct sctp_ifa *ifa, *sifa; 2853 int num_eligible_addr = 0; 2854#ifdef INET6 2855#ifdef SCTP_EMBEDDED_V6_SCOPE 2856 struct sockaddr_in6 sin6, lsa6; 2857 2858 if (fam == AF_INET6) { 2859 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6)); 2860#ifdef SCTP_KAME 2861 (void)sa6_recoverscope(&sin6); 2862#else 2863 (void)in6_recoverscope(&sin6, &sin6.sin6_addr, NULL); 2864#endif /* SCTP_KAME */ 2865 } 2866#endif /* SCTP_EMBEDDED_V6_SCOPE */ 2867#endif /* INET6 */ 2868 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2869#if defined(__FreeBSD__) 2870#ifdef INET 2871 if ((ifa->address.sa.sa_family == AF_INET) && 2872 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2873 &ifa->address.sin.sin_addr) != 0)) { 2874 continue; 2875 } 2876#endif 2877#ifdef INET6 2878 if ((ifa->address.sa.sa_family == AF_INET6) && 2879 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2880 &ifa->address.sin6.sin6_addr) != 0)) { 2881 continue; 2882 } 2883#endif 2884#endif 2885 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2886 (non_asoc_addr_ok == 0)) 2887 continue; 2888 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2889 dest_is_priv, fam); 2890 if (sifa == NULL) 2891 continue; 2892#ifdef INET6 2893 if (fam == AF_INET6 && 2894 dest_is_loop && 2895 sifa->src_is_loop && sifa->src_is_priv) { 2896 /* don't allow fe80::1 to be a src on loop ::1, we don't list it 2897 * to the peer so we will get an abort. 2898 */ 2899 continue; 2900 } 2901#ifdef SCTP_EMBEDDED_V6_SCOPE 2902 if (fam == AF_INET6 && 2903 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) && 2904 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 2905 /* link-local <-> link-local must belong to the same scope. */ 2906 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6)); 2907#ifdef SCTP_KAME 2908 (void)sa6_recoverscope(&lsa6); 2909#else 2910 (void)in6_recoverscope(&lsa6, &lsa6.sin6_addr, NULL); 2911#endif /* SCTP_KAME */ 2912 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) { 2913 continue; 2914 } 2915 } 2916#endif /* SCTP_EMBEDDED_V6_SCOPE */ 2917#endif /* INET6 */ 2918 2919#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__Userspace__) 2920 /* Check if the IPv6 address matches to next-hop. 2921 In the mobile case, old IPv6 address may be not deleted 2922 from the interface. Then, the interface has previous and 2923 new addresses. We should use one corresponding to the 2924 next-hop. (by micchie) 2925 */ 2926#ifdef INET6 2927 if (stcb && fam == AF_INET6 && 2928 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2929 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) 2930 == 0) { 2931 continue; 2932 } 2933 } 2934#endif 2935#ifdef INET 2936 /* Avoid topologically incorrect IPv4 address */ 2937 if (stcb && fam == AF_INET && 2938 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2939 if (sctp_v4src_match_nexthop(sifa, ro) == 0) { 2940 continue; 2941 } 2942 } 2943#endif 2944#endif 2945 if (stcb) { 2946 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 2947 continue; 2948 } 2949 if (((non_asoc_addr_ok == 0) && 2950 (sctp_is_addr_restricted(stcb, sifa))) || 2951 (non_asoc_addr_ok && 2952 (sctp_is_addr_restricted(stcb, sifa)) && 2953 (!sctp_is_addr_pending(stcb, sifa)))) { 2954 /* 2955 * It is restricted for some reason.. 2956 * probably not yet added. 2957 */ 2958 continue; 2959 } 2960 } 2961 if (num_eligible_addr >= addr_wanted) { 2962 return (sifa); 2963 } 2964 num_eligible_addr++; 2965 } 2966 return (NULL); 2967} 2968 2969 2970static int 2971sctp_count_num_preferred_boundall(struct sctp_ifn *ifn, 2972#if defined(__FreeBSD__) 2973 struct sctp_inpcb *inp, 2974#else 2975 struct sctp_inpcb *inp SCTP_UNUSED, 2976#endif 2977 struct sctp_tcb *stcb, 2978 int non_asoc_addr_ok, 2979 uint8_t dest_is_loop, 2980 uint8_t dest_is_priv, 2981 sa_family_t fam) 2982{ 2983 struct sctp_ifa *ifa, *sifa; 2984 int num_eligible_addr = 0; 2985 2986 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2987#if defined(__FreeBSD__) 2988#ifdef INET 2989 if ((ifa->address.sa.sa_family == AF_INET) && 2990 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2991 &ifa->address.sin.sin_addr) != 0)) { 2992 continue; 2993 } 2994#endif 2995#ifdef INET6 2996 if ((ifa->address.sa.sa_family == AF_INET6) && 2997 (stcb != NULL) && 2998 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2999 &ifa->address.sin6.sin6_addr) != 0)) { 3000 continue; 3001 } 3002#endif 3003#endif 3004 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3005 (non_asoc_addr_ok == 0)) { 3006 continue; 3007 } 3008 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 3009 dest_is_priv, fam); 3010 if (sifa == NULL) { 3011 continue; 3012 } 3013 if (stcb) { 3014 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 3015 continue; 3016 } 3017 if (((non_asoc_addr_ok == 0) && 3018 (sctp_is_addr_restricted(stcb, sifa))) || 3019 (non_asoc_addr_ok && 3020 (sctp_is_addr_restricted(stcb, sifa)) && 3021 (!sctp_is_addr_pending(stcb, sifa)))) { 3022 /* 3023 * It is restricted for some reason.. 3024 * probably not yet added. 3025 */ 3026 continue; 3027 } 3028 } 3029 num_eligible_addr++; 3030 } 3031 return (num_eligible_addr); 3032} 3033 3034static struct sctp_ifa * 3035sctp_choose_boundall(struct sctp_inpcb *inp, 3036 struct sctp_tcb *stcb, 3037 struct sctp_nets *net, 3038 sctp_route_t *ro, 3039 uint32_t vrf_id, 3040 uint8_t dest_is_priv, 3041 uint8_t dest_is_loop, 3042 int non_asoc_addr_ok, 3043 sa_family_t fam) 3044{ 3045 int cur_addr_num = 0, num_preferred = 0; 3046 void *ifn; 3047 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn; 3048 struct sctp_ifa *sctp_ifa, *sifa; 3049 uint32_t ifn_index; 3050 struct sctp_vrf *vrf; 3051#ifdef INET 3052 int retried = 0; 3053#endif 3054 3055 /*- 3056 * For boundall we can use any address in the association. 3057 * If non_asoc_addr_ok is set we can use any address (at least in 3058 * theory). So we look for preferred addresses first. If we find one, 3059 * we use it. Otherwise we next try to get an address on the 3060 * interface, which we should be able to do (unless non_asoc_addr_ok 3061 * is false and we are routed out that way). In these cases where we 3062 * can't use the address of the interface we go through all the 3063 * ifn's looking for an address we can use and fill that in. Punting 3064 * means we send back address 0, which will probably cause problems 3065 * actually since then IP will fill in the address of the route ifn, 3066 * which means we probably already rejected it.. i.e. here comes an 3067 * abort :-<. 3068 */ 3069 vrf = sctp_find_vrf(vrf_id); 3070 if (vrf == NULL) 3071 return (NULL); 3072 3073 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 3074 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 3075 SCTPDBG(SCTP_DEBUG_OUTPUT2,"ifn from route:%p ifn_index:%d\n", ifn, ifn_index); 3076 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index); 3077 if (sctp_ifn == NULL) { 3078 /* ?? We don't have this guy ?? */ 3079 SCTPDBG(SCTP_DEBUG_OUTPUT2,"No ifn emit interface?\n"); 3080 goto bound_all_plan_b; 3081 } 3082 SCTPDBG(SCTP_DEBUG_OUTPUT2,"ifn_index:%d name:%s is emit interface\n", 3083 ifn_index, sctp_ifn->ifn_name); 3084 3085 if (net) { 3086 cur_addr_num = net->indx_of_eligible_next_to_use; 3087 } 3088 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, 3089 inp, stcb, 3090 non_asoc_addr_ok, 3091 dest_is_loop, 3092 dest_is_priv, fam); 3093 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n", 3094 num_preferred, sctp_ifn->ifn_name); 3095 if (num_preferred == 0) { 3096 /* 3097 * no eligible addresses, we must use some other interface 3098 * address if we can find one. 3099 */ 3100 goto bound_all_plan_b; 3101 } 3102 /* 3103 * Ok we have num_eligible_addr set with how many we can use, this 3104 * may vary from call to call due to addresses being deprecated 3105 * etc.. 3106 */ 3107 if (cur_addr_num >= num_preferred) { 3108 cur_addr_num = 0; 3109 } 3110 /* 3111 * select the nth address from the list (where cur_addr_num is the 3112 * nth) and 0 is the first one, 1 is the second one etc... 3113 */ 3114 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num); 3115 3116 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, 3117 dest_is_priv, cur_addr_num, fam, ro); 3118 3119 /* if sctp_ifa is NULL something changed??, fall to plan b. */ 3120 if (sctp_ifa) { 3121 atomic_add_int(&sctp_ifa->refcount, 1); 3122 if (net) { 3123 /* save off where the next one we will want */ 3124 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 3125 } 3126 return (sctp_ifa); 3127 } 3128 /* 3129 * plan_b: Look at all interfaces and find a preferred address. If 3130 * no preferred fall through to plan_c. 3131 */ 3132 bound_all_plan_b: 3133 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n"); 3134 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3135 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n", 3136 sctp_ifn->ifn_name); 3137 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3138 /* wrong base scope */ 3139 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n"); 3140 continue; 3141 } 3142 if ((sctp_ifn == looked_at) && looked_at) { 3143 /* already looked at this guy */ 3144 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n"); 3145 continue; 3146 } 3147 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, 3148 dest_is_loop, dest_is_priv, fam); 3149 SCTPDBG(SCTP_DEBUG_OUTPUT2, 3150 "Found ifn:%p %d preferred source addresses\n", 3151 ifn, num_preferred); 3152 if (num_preferred == 0) { 3153 /* None on this interface. */ 3154 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n"); 3155 continue; 3156 } 3157 SCTPDBG(SCTP_DEBUG_OUTPUT2, 3158 "num preferred:%d on interface:%p cur_addr_num:%d\n", 3159 num_preferred, (void *)sctp_ifn, cur_addr_num); 3160 3161 /* 3162 * Ok we have num_eligible_addr set with how many we can 3163 * use, this may vary from call to call due to addresses 3164 * being deprecated etc.. 3165 */ 3166 if (cur_addr_num >= num_preferred) { 3167 cur_addr_num = 0; 3168 } 3169 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, 3170 dest_is_priv, cur_addr_num, fam, ro); 3171 if (sifa == NULL) 3172 continue; 3173 if (net) { 3174 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 3175 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n", 3176 cur_addr_num); 3177 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:"); 3178 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 3179 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:"); 3180 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa); 3181 } 3182 atomic_add_int(&sifa->refcount, 1); 3183 return (sifa); 3184 } 3185#ifdef INET 3186again_with_private_addresses_allowed: 3187#endif 3188 /* plan_c: do we have an acceptable address on the emit interface */ 3189 sifa = NULL; 3190 SCTPDBG(SCTP_DEBUG_OUTPUT2,"Trying Plan C: find acceptable on interface\n"); 3191 if (emit_ifn == NULL) { 3192 SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jump to Plan D - no emit_ifn\n"); 3193 goto plan_d; 3194 } 3195 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { 3196 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifa:%p\n", (void *)sctp_ifa); 3197#if defined(__FreeBSD__) 3198#ifdef INET 3199 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 3200 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 3201 &sctp_ifa->address.sin.sin_addr) != 0)) { 3202 SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jailed\n"); 3203 continue; 3204 } 3205#endif 3206#ifdef INET6 3207 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 3208 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 3209 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 3210 SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jailed\n"); 3211 continue; 3212 } 3213#endif 3214#endif 3215 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3216 (non_asoc_addr_ok == 0)) { 3217 SCTPDBG(SCTP_DEBUG_OUTPUT2,"Defer\n"); 3218 continue; 3219 } 3220 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, 3221 dest_is_priv, fam); 3222 if (sifa == NULL) { 3223 SCTPDBG(SCTP_DEBUG_OUTPUT2, "IFA not acceptable\n"); 3224 continue; 3225 } 3226 if (stcb) { 3227 if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) { 3228 SCTPDBG(SCTP_DEBUG_OUTPUT2, "NOT in scope\n"); 3229 sifa = NULL; 3230 continue; 3231 } 3232 if (((non_asoc_addr_ok == 0) && 3233 (sctp_is_addr_restricted(stcb, sifa))) || 3234 (non_asoc_addr_ok && 3235 (sctp_is_addr_restricted(stcb, sifa)) && 3236 (!sctp_is_addr_pending(stcb, sifa)))) { 3237 /* 3238 * It is restricted for some 3239 * reason.. probably not yet added. 3240 */ 3241 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Its resticted\n"); 3242 sifa = NULL; 3243 continue; 3244 } 3245 } else { 3246 SCTP_PRINTF("Stcb is null - no print\n"); 3247 } 3248 atomic_add_int(&sifa->refcount, 1); 3249 goto out; 3250 } 3251 plan_d: 3252 /* 3253 * plan_d: We are in trouble. No preferred address on the emit 3254 * interface. And not even a preferred address on all interfaces. 3255 * Go out and see if we can find an acceptable address somewhere 3256 * amongst all interfaces. 3257 */ 3258 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D looked_at is %p\n", (void *)looked_at); 3259 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3260 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3261 /* wrong base scope */ 3262 continue; 3263 } 3264 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3265#if defined(__FreeBSD__) 3266#ifdef INET 3267 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 3268 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 3269 &sctp_ifa->address.sin.sin_addr) != 0)) { 3270 continue; 3271 } 3272#endif 3273#ifdef INET6 3274 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 3275 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 3276 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 3277 continue; 3278 } 3279#endif 3280#endif 3281 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3282 (non_asoc_addr_ok == 0)) 3283 continue; 3284 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 3285 dest_is_loop, 3286 dest_is_priv, fam); 3287 if (sifa == NULL) 3288 continue; 3289 if (stcb) { 3290 if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) { 3291 sifa = NULL; 3292 continue; 3293 } 3294 if (((non_asoc_addr_ok == 0) && 3295 (sctp_is_addr_restricted(stcb, sifa))) || 3296 (non_asoc_addr_ok && 3297 (sctp_is_addr_restricted(stcb, sifa)) && 3298 (!sctp_is_addr_pending(stcb, sifa)))) { 3299 /* 3300 * It is restricted for some 3301 * reason.. probably not yet added. 3302 */ 3303 sifa = NULL; 3304 continue; 3305 } 3306 } 3307 goto out; 3308 } 3309 } 3310#ifdef INET 3311 if ((retried == 0) && (stcb->asoc.scope.ipv4_local_scope == 0)) { 3312 stcb->asoc.scope.ipv4_local_scope = 1; 3313 retried = 1; 3314 goto again_with_private_addresses_allowed; 3315 } else if (retried == 1) { 3316 stcb->asoc.scope.ipv4_local_scope = 0; 3317 } 3318#endif 3319out: 3320#ifdef INET 3321 if (sifa) { 3322 if (retried == 1) { 3323 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3324 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3325 /* wrong base scope */ 3326 continue; 3327 } 3328 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3329 struct sctp_ifa *tmp_sifa; 3330 3331#if defined(__FreeBSD__) 3332#ifdef INET 3333 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 3334 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 3335 &sctp_ifa->address.sin.sin_addr) != 0)) { 3336 continue; 3337 } 3338#endif 3339#ifdef INET6 3340 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 3341 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 3342 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 3343 continue; 3344 } 3345#endif 3346#endif 3347 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3348 (non_asoc_addr_ok == 0)) 3349 continue; 3350 tmp_sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 3351 dest_is_loop, 3352 dest_is_priv, fam); 3353 if (tmp_sifa == NULL) { 3354 continue; 3355 } 3356 if (tmp_sifa == sifa) { 3357 continue; 3358 } 3359 if (stcb) { 3360 if (sctp_is_address_in_scope(tmp_sifa, 3361 &stcb->asoc.scope, 0) == 0) { 3362 continue; 3363 } 3364 if (((non_asoc_addr_ok == 0) && 3365 (sctp_is_addr_restricted(stcb, tmp_sifa))) || 3366 (non_asoc_addr_ok && 3367 (sctp_is_addr_restricted(stcb, tmp_sifa)) && 3368 (!sctp_is_addr_pending(stcb, tmp_sifa)))) { 3369 /* 3370 * It is restricted for some 3371 * reason.. probably not yet added. 3372 */ 3373 continue; 3374 } 3375 } 3376 if ((tmp_sifa->address.sin.sin_family == AF_INET) && 3377 (IN4_ISPRIVATE_ADDRESS(&(tmp_sifa->address.sin.sin_addr)))) { 3378 sctp_add_local_addr_restricted(stcb, tmp_sifa); 3379 } 3380 } 3381 } 3382 } 3383 atomic_add_int(&sifa->refcount, 1); 3384 } 3385#endif 3386 return (sifa); 3387} 3388 3389 3390 3391/* tcb may be NULL */ 3392struct sctp_ifa * 3393sctp_source_address_selection(struct sctp_inpcb *inp, 3394 struct sctp_tcb *stcb, 3395 sctp_route_t *ro, 3396 struct sctp_nets *net, 3397 int non_asoc_addr_ok, uint32_t vrf_id) 3398{ 3399 struct sctp_ifa *answer; 3400 uint8_t dest_is_priv, dest_is_loop; 3401 sa_family_t fam; 3402#ifdef INET 3403 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 3404#endif 3405#ifdef INET6 3406 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst; 3407#endif 3408 3409 /** 3410 * Rules: - Find the route if needed, cache if I can. - Look at 3411 * interface address in route, Is it in the bound list. If so we 3412 * have the best source. - If not we must rotate amongst the 3413 * addresses. 3414 * 3415 * Cavets and issues 3416 * 3417 * Do we need to pay attention to scope. We can have a private address 3418 * or a global address we are sourcing or sending to. So if we draw 3419 * it out 3420 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3421 * For V4 3422 * ------------------------------------------ 3423 * source * dest * result 3424 * ----------------------------------------- 3425 * <a> Private * Global * NAT 3426 * ----------------------------------------- 3427 * <b> Private * Private * No problem 3428 * ----------------------------------------- 3429 * <c> Global * Private * Huh, How will this work? 3430 * ----------------------------------------- 3431 * <d> Global * Global * No Problem 3432 *------------------------------------------ 3433 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3434 * For V6 3435 *------------------------------------------ 3436 * source * dest * result 3437 * ----------------------------------------- 3438 * <a> Linklocal * Global * 3439 * ----------------------------------------- 3440 * <b> Linklocal * Linklocal * No problem 3441 * ----------------------------------------- 3442 * <c> Global * Linklocal * Huh, How will this work? 3443 * ----------------------------------------- 3444 * <d> Global * Global * No Problem 3445 *------------------------------------------ 3446 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3447 * 3448 * And then we add to that what happens if there are multiple addresses 3449 * assigned to an interface. Remember the ifa on a ifn is a linked 3450 * list of addresses. So one interface can have more than one IP 3451 * address. What happens if we have both a private and a global 3452 * address? Do we then use context of destination to sort out which 3453 * one is best? And what about NAT's sending P->G may get you a NAT 3454 * translation, or should you select the G thats on the interface in 3455 * preference. 3456 * 3457 * Decisions: 3458 * 3459 * - count the number of addresses on the interface. 3460 * - if it is one, no problem except case <c>. 3461 * For <a> we will assume a NAT out there. 3462 * - if there are more than one, then we need to worry about scope P 3463 * or G. We should prefer G -> G and P -> P if possible. 3464 * Then as a secondary fall back to mixed types G->P being a last 3465 * ditch one. 3466 * - The above all works for bound all, but bound specific we need to 3467 * use the same concept but instead only consider the bound 3468 * addresses. If the bound set is NOT assigned to the interface then 3469 * we must use rotation amongst the bound addresses.. 3470 */ 3471 if (ro->ro_rt == NULL) { 3472 /* 3473 * Need a route to cache. 3474 */ 3475 SCTP_RTALLOC(ro, vrf_id); 3476 } 3477 if (ro->ro_rt == NULL) { 3478 return (NULL); 3479 } 3480 fam = ro->ro_dst.sa_family; 3481 dest_is_priv = dest_is_loop = 0; 3482 /* Setup our scopes for the destination */ 3483 switch (fam) { 3484#ifdef INET 3485 case AF_INET: 3486 /* Scope based on outbound address */ 3487 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3488 dest_is_loop = 1; 3489 if (net != NULL) { 3490 /* mark it as local */ 3491 net->addr_is_local = 1; 3492 } 3493 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 3494 dest_is_priv = 1; 3495 } 3496 break; 3497#endif 3498#ifdef INET6 3499 case AF_INET6: 3500 /* Scope based on outbound address */ 3501#if defined(__Userspace_os_Windows) 3502 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3503#else 3504 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) || 3505 SCTP_ROUTE_IS_REAL_LOOP(ro)) { 3506#endif 3507 /* 3508 * If the address is a loopback address, which 3509 * consists of "::1" OR "fe80::1%lo0", we are loopback 3510 * scope. But we don't use dest_is_priv (link local 3511 * addresses). 3512 */ 3513 dest_is_loop = 1; 3514 if (net != NULL) { 3515 /* mark it as local */ 3516 net->addr_is_local = 1; 3517 } 3518 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3519 dest_is_priv = 1; 3520 } 3521 break; 3522#endif 3523 } 3524 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:"); 3525 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&ro->ro_dst); 3526 SCTP_IPI_ADDR_RLOCK(); 3527 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3528 /* 3529 * Bound all case 3530 */ 3531 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, 3532 dest_is_priv, dest_is_loop, 3533 non_asoc_addr_ok, fam); 3534 SCTP_IPI_ADDR_RUNLOCK(); 3535 return (answer); 3536 } 3537 /* 3538 * Subset bound case 3539 */ 3540 if (stcb) { 3541 answer = sctp_choose_boundspecific_stcb(inp, stcb, ro, 3542 vrf_id, dest_is_priv, 3543 dest_is_loop, 3544 non_asoc_addr_ok, fam); 3545 } else { 3546 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id, 3547 non_asoc_addr_ok, 3548 dest_is_priv, 3549 dest_is_loop, fam); 3550 } 3551 SCTP_IPI_ADDR_RUNLOCK(); 3552 return (answer); 3553} 3554 3555static int 3556sctp_find_cmsg(int c_type, void *data, struct mbuf *control, size_t cpsize) 3557{ 3558#if defined(__Userspace_os_Windows) 3559 WSACMSGHDR cmh; 3560#else 3561 struct cmsghdr cmh; 3562#endif 3563 int tlen, at, found; 3564 struct sctp_sndinfo sndinfo; 3565 struct sctp_prinfo prinfo; 3566 struct sctp_authinfo authinfo; 3567 3568 tlen = SCTP_BUF_LEN(control); 3569 at = 0; 3570 found = 0; 3571 /* 3572 * Independent of how many mbufs, find the c_type inside the control 3573 * structure and copy out the data. 3574 */ 3575 while (at < tlen) { 3576 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3577 /* There is not enough room for one more. */ 3578 return (found); 3579 } 3580 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3581 if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) { 3582 /* We dont't have a complete CMSG header. */ 3583 return (found); 3584 } 3585 if (((int)cmh.cmsg_len + at) > tlen) { 3586 /* We don't have the complete CMSG. */ 3587 return (found); 3588 } 3589 if ((cmh.cmsg_level == IPPROTO_SCTP) && 3590 ((c_type == cmh.cmsg_type) || 3591 ((c_type == SCTP_SNDRCV) && 3592 ((cmh.cmsg_type == SCTP_SNDINFO) || 3593 (cmh.cmsg_type == SCTP_PRINFO) || 3594 (cmh.cmsg_type == SCTP_AUTHINFO))))) { 3595 if (c_type == cmh.cmsg_type) { 3596 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < cpsize) { 3597 return (found); 3598 } 3599 /* It is exactly what we want. Copy it out. */ 3600 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), cpsize, (caddr_t)data); 3601 return (1); 3602 } else { 3603 struct sctp_sndrcvinfo *sndrcvinfo; 3604 3605 sndrcvinfo = (struct sctp_sndrcvinfo *)data; 3606 if (found == 0) { 3607 if (cpsize < sizeof(struct sctp_sndrcvinfo)) { 3608 return (found); 3609 } 3610 memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo)); 3611 } 3612 switch (cmh.cmsg_type) { 3613 case SCTP_SNDINFO: 3614 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_sndinfo)) { 3615 return (found); 3616 } 3617 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_sndinfo), (caddr_t)&sndinfo); 3618 sndrcvinfo->sinfo_stream = sndinfo.snd_sid; 3619 sndrcvinfo->sinfo_flags = sndinfo.snd_flags; 3620 sndrcvinfo->sinfo_ppid = sndinfo.snd_ppid; 3621 sndrcvinfo->sinfo_context = sndinfo.snd_context; 3622 sndrcvinfo->sinfo_assoc_id = sndinfo.snd_assoc_id; 3623 break; 3624 case SCTP_PRINFO: 3625 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_prinfo)) { 3626 return (found); 3627 } 3628 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_prinfo), (caddr_t)&prinfo); 3629 if (prinfo.pr_policy != SCTP_PR_SCTP_NONE) { 3630 sndrcvinfo->sinfo_timetolive = prinfo.pr_value; 3631 } else { 3632 sndrcvinfo->sinfo_timetolive = 0; 3633 } 3634 sndrcvinfo->sinfo_flags |= prinfo.pr_policy; 3635 break; 3636 case SCTP_AUTHINFO: 3637 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_authinfo)) { 3638 return (found); 3639 } 3640 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_authinfo), (caddr_t)&authinfo); 3641 sndrcvinfo->sinfo_keynumber_valid = 1; 3642 sndrcvinfo->sinfo_keynumber = authinfo.auth_keynumber; 3643 break; 3644 default: 3645 return (found); 3646 } 3647 found = 1; 3648 } 3649 } 3650 at += CMSG_ALIGN(cmh.cmsg_len); 3651 } 3652 return (found); 3653} 3654 3655static int 3656sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *error) 3657{ 3658#if defined(__Userspace_os_Windows) 3659 WSACMSGHDR cmh; 3660#else 3661 struct cmsghdr cmh; 3662#endif 3663 int tlen, at; 3664 struct sctp_initmsg initmsg; 3665#ifdef INET 3666 struct sockaddr_in sin; 3667#endif 3668#ifdef INET6 3669 struct sockaddr_in6 sin6; 3670#endif 3671 3672 tlen = SCTP_BUF_LEN(control); 3673 at = 0; 3674 while (at < tlen) { 3675 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3676 /* There is not enough room for one more. */ 3677 *error = EINVAL; 3678 return (1); 3679 } 3680 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3681 if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) { 3682 /* We dont't have a complete CMSG header. */ 3683 *error = EINVAL; 3684 return (1); 3685 } 3686 if (((int)cmh.cmsg_len + at) > tlen) { 3687 /* We don't have the complete CMSG. */ 3688 *error = EINVAL; 3689 return (1); 3690 } 3691 if (cmh.cmsg_level == IPPROTO_SCTP) { 3692 switch (cmh.cmsg_type) { 3693 case SCTP_INIT: 3694 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_initmsg)) { 3695 *error = EINVAL; 3696 return (1); 3697 } 3698 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_initmsg), (caddr_t)&initmsg); 3699 if (initmsg.sinit_max_attempts) 3700 stcb->asoc.max_init_times = initmsg.sinit_max_attempts; 3701 if (initmsg.sinit_num_ostreams) 3702 stcb->asoc.pre_open_streams = initmsg.sinit_num_ostreams; 3703 if (initmsg.sinit_max_instreams) 3704 stcb->asoc.max_inbound_streams = initmsg.sinit_max_instreams; 3705 if (initmsg.sinit_max_init_timeo) 3706 stcb->asoc.initial_init_rto_max = initmsg.sinit_max_init_timeo; 3707 if (stcb->asoc.streamoutcnt < stcb->asoc.pre_open_streams) { 3708 struct sctp_stream_out *tmp_str; 3709 unsigned int i; 3710#if defined(SCTP_DETAILED_STR_STATS) 3711 int j; 3712#endif 3713 3714 /* Default is NOT correct */ 3715 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, default:%d pre_open:%d\n", 3716 stcb->asoc.streamoutcnt, stcb->asoc.pre_open_streams); 3717 SCTP_TCB_UNLOCK(stcb); 3718 SCTP_MALLOC(tmp_str, 3719 struct sctp_stream_out *, 3720 (stcb->asoc.pre_open_streams * sizeof(struct sctp_stream_out)), 3721 SCTP_M_STRMO); 3722 SCTP_TCB_LOCK(stcb); 3723 if (tmp_str != NULL) { 3724 SCTP_FREE(stcb->asoc.strmout, SCTP_M_STRMO); 3725 stcb->asoc.strmout = tmp_str; 3726 stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt = stcb->asoc.pre_open_streams; 3727 } else { 3728 stcb->asoc.pre_open_streams = stcb->asoc.streamoutcnt; 3729 } 3730 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 3731 TAILQ_INIT(&stcb->asoc.strmout[i].outqueue); 3732 stcb->asoc.strmout[i].chunks_on_queues = 0; 3733 stcb->asoc.strmout[i].next_sequence_send = 0; 3734#if defined(SCTP_DETAILED_STR_STATS) 3735 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 3736 stcb->asoc.strmout[i].abandoned_sent[j] = 0; 3737 stcb->asoc.strmout[i].abandoned_unsent[j] = 0; 3738 } 3739#else 3740 stcb->asoc.strmout[i].abandoned_sent[0] = 0; 3741 stcb->asoc.strmout[i].abandoned_unsent[0] = 0; 3742#endif 3743 stcb->asoc.strmout[i].stream_no = i; 3744 stcb->asoc.strmout[i].last_msg_incomplete = 0; 3745 stcb->asoc.ss_functions.sctp_ss_init_stream(&stcb->asoc.strmout[i], NULL); 3746 } 3747 } 3748 break; 3749#ifdef INET 3750 case SCTP_DSTADDRV4: 3751 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in_addr)) { 3752 *error = EINVAL; 3753 return (1); 3754 } 3755 memset(&sin, 0, sizeof(struct sockaddr_in)); 3756 sin.sin_family = AF_INET; 3757#ifdef HAVE_SIN_LEN 3758 sin.sin_len = sizeof(struct sockaddr_in); 3759#endif 3760 sin.sin_port = stcb->rport; 3761 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in_addr), (caddr_t)&sin.sin_addr); 3762 if ((sin.sin_addr.s_addr == INADDR_ANY) || 3763 (sin.sin_addr.s_addr == INADDR_BROADCAST) || 3764 IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) { 3765 *error = EINVAL; 3766 return (1); 3767 } 3768 if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, 3769 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 3770 *error = ENOBUFS; 3771 return (1); 3772 } 3773 break; 3774#endif 3775#ifdef INET6 3776 case SCTP_DSTADDRV6: 3777 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in6_addr)) { 3778 *error = EINVAL; 3779 return (1); 3780 } 3781 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 3782 sin6.sin6_family = AF_INET6; 3783#ifdef HAVE_SIN6_LEN 3784 sin6.sin6_len = sizeof(struct sockaddr_in6); 3785#endif 3786 sin6.sin6_port = stcb->rport; 3787 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr); 3788 if (IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) || 3789 IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) { 3790 *error = EINVAL; 3791 return (1); 3792 } 3793#ifdef INET 3794 if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) { 3795 in6_sin6_2_sin(&sin, &sin6); 3796 if ((sin.sin_addr.s_addr == INADDR_ANY) || 3797 (sin.sin_addr.s_addr == INADDR_BROADCAST) || 3798 IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) { 3799 *error = EINVAL; 3800 return (1); 3801 } 3802 if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, 3803 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 3804 *error = ENOBUFS; 3805 return (1); 3806 } 3807 } else 3808#endif 3809 if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin6, NULL, 3810 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 3811 *error = ENOBUFS; 3812 return (1); 3813 } 3814 break; 3815#endif 3816 default: 3817 break; 3818 } 3819 } 3820 at += CMSG_ALIGN(cmh.cmsg_len); 3821 } 3822 return (0); 3823} 3824 3825static struct sctp_tcb * 3826sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p, 3827 uint16_t port, 3828 struct mbuf *control, 3829 struct sctp_nets **net_p, 3830 int *error) 3831{ 3832#if defined(__Userspace_os_Windows) 3833 WSACMSGHDR cmh; 3834#else 3835 struct cmsghdr cmh; 3836#endif 3837 int tlen, at; 3838 struct sctp_tcb *stcb; 3839 struct sockaddr *addr; 3840#ifdef INET 3841 struct sockaddr_in sin; 3842#endif 3843#ifdef INET6 3844 struct sockaddr_in6 sin6; 3845#endif 3846 3847 tlen = SCTP_BUF_LEN(control); 3848 at = 0; 3849 while (at < tlen) { 3850 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3851 /* There is not enough room for one more. */ 3852 *error = EINVAL; 3853 return (NULL); 3854 } 3855 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3856 if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) { 3857 /* We dont't have a complete CMSG header. */ 3858 *error = EINVAL; 3859 return (NULL); 3860 } 3861 if (((int)cmh.cmsg_len + at) > tlen) { 3862 /* We don't have the complete CMSG. */ 3863 *error = EINVAL; 3864 return (NULL); 3865 } 3866 if (cmh.cmsg_level == IPPROTO_SCTP) { 3867 switch (cmh.cmsg_type) { 3868#ifdef INET 3869 case SCTP_DSTADDRV4: 3870 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in_addr)) { 3871 *error = EINVAL; 3872 return (NULL); 3873 } 3874 memset(&sin, 0, sizeof(struct sockaddr_in)); 3875 sin.sin_family = AF_INET; 3876#ifdef HAVE_SIN_LEN 3877 sin.sin_len = sizeof(struct sockaddr_in); 3878#endif 3879 sin.sin_port = port; 3880 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in_addr), (caddr_t)&sin.sin_addr); 3881 addr = (struct sockaddr *)&sin; 3882 break; 3883#endif 3884#ifdef INET6 3885 case SCTP_DSTADDRV6: 3886 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in6_addr)) { 3887 *error = EINVAL; 3888 return (NULL); 3889 } 3890 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 3891 sin6.sin6_family = AF_INET6; 3892#ifdef HAVE_SIN6_LEN 3893 sin6.sin6_len = sizeof(struct sockaddr_in6); 3894#endif 3895 sin6.sin6_port = port; 3896 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr); 3897#ifdef INET 3898 if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) { 3899 in6_sin6_2_sin(&sin, &sin6); 3900 addr = (struct sockaddr *)&sin; 3901 } else 3902#endif 3903 addr = (struct sockaddr *)&sin6; 3904 break; 3905#endif 3906 default: 3907 addr = NULL; 3908 break; 3909 } 3910 if (addr) { 3911 stcb = sctp_findassociation_ep_addr(inp_p, addr, net_p, NULL, NULL); 3912 if (stcb != NULL) { 3913 return (stcb); 3914 } 3915 } 3916 } 3917 at += CMSG_ALIGN(cmh.cmsg_len); 3918 } 3919 return (NULL); 3920} 3921 3922static struct mbuf * 3923sctp_add_cookie(struct mbuf *init, int init_offset, 3924 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t **signature) 3925{ 3926 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 3927 struct sctp_state_cookie *stc; 3928 struct sctp_paramhdr *ph; 3929 uint8_t *foo; 3930 int sig_offset; 3931 uint16_t cookie_sz; 3932 3933 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) + 3934 sizeof(struct sctp_paramhdr)), 0, 3935 M_NOWAIT, 1, MT_DATA); 3936 if (mret == NULL) { 3937 return (NULL); 3938 } 3939 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_NOWAIT); 3940 if (copy_init == NULL) { 3941 sctp_m_freem(mret); 3942 return (NULL); 3943 } 3944#ifdef SCTP_MBUF_LOGGING 3945 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3946 struct mbuf *mat; 3947 3948 for (mat = copy_init; mat; mat = SCTP_BUF_NEXT(mat)) { 3949 if (SCTP_BUF_IS_EXTENDED(mat)) { 3950 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3951 } 3952 } 3953 } 3954#endif 3955 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL, 3956 M_NOWAIT); 3957 if (copy_initack == NULL) { 3958 sctp_m_freem(mret); 3959 sctp_m_freem(copy_init); 3960 return (NULL); 3961 } 3962#ifdef SCTP_MBUF_LOGGING 3963 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3964 struct mbuf *mat; 3965 3966 for (mat = copy_initack; mat; mat = SCTP_BUF_NEXT(mat)) { 3967 if (SCTP_BUF_IS_EXTENDED(mat)) { 3968 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 3969 } 3970 } 3971 } 3972#endif 3973 /* easy side we just drop it on the end */ 3974 ph = mtod(mret, struct sctp_paramhdr *); 3975 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) + 3976 sizeof(struct sctp_paramhdr); 3977 stc = (struct sctp_state_cookie *)((caddr_t)ph + 3978 sizeof(struct sctp_paramhdr)); 3979 ph->param_type = htons(SCTP_STATE_COOKIE); 3980 ph->param_length = 0; /* fill in at the end */ 3981 /* Fill in the stc cookie data */ 3982 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie)); 3983 3984 /* tack the INIT and then the INIT-ACK onto the chain */ 3985 cookie_sz = 0; 3986 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3987 cookie_sz += SCTP_BUF_LEN(m_at); 3988 if (SCTP_BUF_NEXT(m_at) == NULL) { 3989 SCTP_BUF_NEXT(m_at) = copy_init; 3990 break; 3991 } 3992 } 3993 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3994 cookie_sz += SCTP_BUF_LEN(m_at); 3995 if (SCTP_BUF_NEXT(m_at) == NULL) { 3996 SCTP_BUF_NEXT(m_at) = copy_initack; 3997 break; 3998 } 3999 } 4000 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 4001 cookie_sz += SCTP_BUF_LEN(m_at); 4002 if (SCTP_BUF_NEXT(m_at) == NULL) { 4003 break; 4004 } 4005 } 4006 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_NOWAIT, 1, MT_DATA); 4007 if (sig == NULL) { 4008 /* no space, so free the entire chain */ 4009 sctp_m_freem(mret); 4010 return (NULL); 4011 } 4012 SCTP_BUF_LEN(sig) = 0; 4013 SCTP_BUF_NEXT(m_at) = sig; 4014 sig_offset = 0; 4015 foo = (uint8_t *) (mtod(sig, caddr_t) + sig_offset); 4016 memset(foo, 0, SCTP_SIGNATURE_SIZE); 4017 *signature = foo; 4018 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE; 4019 cookie_sz += SCTP_SIGNATURE_SIZE; 4020 ph->param_length = htons(cookie_sz); 4021 return (mret); 4022} 4023 4024 4025static uint8_t 4026sctp_get_ect(struct sctp_tcb *stcb) 4027{ 4028 if ((stcb != NULL) && (stcb->asoc.ecn_supported == 1)) { 4029 return (SCTP_ECT0_BIT); 4030 } else { 4031 return (0); 4032 } 4033} 4034 4035#if defined(INET) || defined(INET6) 4036static void 4037sctp_handle_no_route(struct sctp_tcb *stcb, 4038 struct sctp_nets *net, 4039 int so_locked) 4040{ 4041 SCTPDBG(SCTP_DEBUG_OUTPUT1, "dropped packet - no valid source addr\n"); 4042 4043 if (net) { 4044 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination was "); 4045 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, &net->ro._l_addr.sa); 4046 if (net->dest_state & SCTP_ADDR_CONFIRMED) { 4047 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) { 4048 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", (void *)net); 4049 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 4050 stcb, 0, 4051 (void *)net, 4052 so_locked); 4053 net->dest_state &= ~SCTP_ADDR_REACHABLE; 4054 net->dest_state &= ~SCTP_ADDR_PF; 4055 } 4056 } 4057 if (stcb) { 4058 if (net == stcb->asoc.primary_destination) { 4059 /* need a new primary */ 4060 struct sctp_nets *alt; 4061 4062 alt = sctp_find_alternate_net(stcb, net, 0); 4063 if (alt != net) { 4064 if (stcb->asoc.alternate) { 4065 sctp_free_remote_addr(stcb->asoc.alternate); 4066 } 4067 stcb->asoc.alternate = alt; 4068 atomic_add_int(&stcb->asoc.alternate->ref_count, 1); 4069 if (net->ro._s_addr) { 4070 sctp_free_ifa(net->ro._s_addr); 4071 net->ro._s_addr = NULL; 4072 } 4073 net->src_addr_selected = 0; 4074 } 4075 } 4076 } 4077 } 4078} 4079#endif 4080 4081static int 4082sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 4083 struct sctp_tcb *stcb, /* may be NULL */ 4084 struct sctp_nets *net, 4085 struct sockaddr *to, 4086 struct mbuf *m, 4087 uint32_t auth_offset, 4088 struct sctp_auth_chunk *auth, 4089 uint16_t auth_keyid, 4090 int nofragment_flag, 4091 int ecn_ok, 4092 int out_of_asoc_ok, 4093 uint16_t src_port, 4094 uint16_t dest_port, 4095 uint32_t v_tag, 4096 uint16_t port, 4097 union sctp_sockstore *over_addr, 4098#if defined(__FreeBSD__) 4099 uint8_t use_mflowid, uint32_t mflowid, 4100#endif 4101#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4102 int so_locked SCTP_UNUSED 4103#else 4104 int so_locked 4105#endif 4106 ) 4107/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 4108{ 4109 /** 4110 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet header 4111 * WITH an SCTPHDR but no IP header, endpoint inp and sa structure: 4112 * - fill in the HMAC digest of any AUTH chunk in the packet. 4113 * - calculate and fill in the SCTP checksum. 4114 * - prepend an IP address header. 4115 * - if boundall use INADDR_ANY. 4116 * - if boundspecific do source address selection. 4117 * - set fragmentation option for ipV4. 4118 * - On return from IP output, check/adjust mtu size of output 4119 * interface and smallest_mtu size as well. 4120 */ 4121 /* Will need ifdefs around this */ 4122#ifdef __Panda__ 4123 pakhandle_type o_pak; 4124#endif 4125 struct mbuf *newm; 4126 struct sctphdr *sctphdr; 4127 int packet_length; 4128 int ret; 4129#if defined(INET) || defined(INET6) 4130 uint32_t vrf_id; 4131#endif 4132#if defined(INET) || defined(INET6) 4133#if !defined(__Panda__) 4134 struct mbuf *o_pak; 4135#endif 4136 sctp_route_t *ro = NULL; 4137 struct udphdr *udp = NULL; 4138#endif 4139 uint8_t tos_value; 4140#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4141 struct socket *so = NULL; 4142#endif 4143 4144#if defined(__APPLE__) 4145 if (so_locked) { 4146 sctp_lock_assert(SCTP_INP_SO(inp)); 4147 SCTP_TCB_LOCK_ASSERT(stcb); 4148 } else { 4149 sctp_unlock_assert(SCTP_INP_SO(inp)); 4150 } 4151#endif 4152 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 4153 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 4154 sctp_m_freem(m); 4155 return (EFAULT); 4156 } 4157#if defined(INET) || defined(INET6) 4158 if (stcb) { 4159 vrf_id = stcb->asoc.vrf_id; 4160 } else { 4161 vrf_id = inp->def_vrf_id; 4162 } 4163#endif 4164 /* fill in the HMAC digest for any AUTH chunk in the packet */ 4165 if ((auth != NULL) && (stcb != NULL)) { 4166 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid); 4167 } 4168 4169 if (net) { 4170 tos_value = net->dscp; 4171 } else if (stcb) { 4172 tos_value = stcb->asoc.default_dscp; 4173 } else { 4174 tos_value = inp->sctp_ep.default_dscp; 4175 } 4176 4177 switch (to->sa_family) { 4178#ifdef INET 4179 case AF_INET: 4180 { 4181 struct ip *ip = NULL; 4182 sctp_route_t iproute; 4183 int len; 4184 4185 len = sizeof(struct ip) + sizeof(struct sctphdr); 4186 if (port) { 4187 len += sizeof(struct udphdr); 4188 } 4189 newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA); 4190 if (newm == NULL) { 4191 sctp_m_freem(m); 4192 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4193 return (ENOMEM); 4194 } 4195 SCTP_ALIGN_TO_END(newm, len); 4196 SCTP_BUF_LEN(newm) = len; 4197 SCTP_BUF_NEXT(newm) = m; 4198 m = newm; 4199#if defined(__FreeBSD__) 4200 if (net != NULL) { 4201#ifdef INVARIANTS 4202 if (net->flowidset == 0) { 4203 panic("Flow ID not set"); 4204 } 4205#endif 4206 m->m_pkthdr.flowid = net->flowid; 4207 m->m_flags |= M_FLOWID; 4208 } else { 4209 if (use_mflowid != 0) { 4210 m->m_pkthdr.flowid = mflowid; 4211 m->m_flags |= M_FLOWID; 4212 } 4213 } 4214#endif 4215 packet_length = sctp_calculate_len(m); 4216 ip = mtod(m, struct ip *); 4217 ip->ip_v = IPVERSION; 4218 ip->ip_hl = (sizeof(struct ip) >> 2); 4219 if (tos_value == 0) { 4220 /* 4221 * This means especially, that it is not set at the 4222 * SCTP layer. So use the value from the IP layer. 4223 */ 4224#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__Panda__) || defined(__Windows__) || defined(__Userspace__) 4225 tos_value = inp->ip_inp.inp.inp_ip_tos; 4226#else 4227 tos_value = inp->inp_ip_tos; 4228#endif 4229 } 4230 tos_value &= 0xfc; 4231 if (ecn_ok) { 4232 tos_value |= sctp_get_ect(stcb); 4233 } 4234 if ((nofragment_flag) && (port == 0)) { 4235#if defined(__FreeBSD__) 4236#if __FreeBSD_version >= 1000000 4237 ip->ip_off = htons(IP_DF); 4238#else 4239 ip->ip_off = IP_DF; 4240#endif 4241#elif defined(WITH_CONVERT_IP_OFF) || defined(__APPLE__) || defined(__Userspace__) 4242 ip->ip_off = IP_DF; 4243#else 4244 ip->ip_off = htons(IP_DF); 4245#endif 4246 } else { 4247#if defined(__FreeBSD__) && __FreeBSD_version >= 1000000 4248 ip->ip_off = htons(0); 4249#else 4250 ip->ip_off = 0; 4251#endif 4252 } 4253#if defined(__FreeBSD__) 4254 /* FreeBSD has a function for ip_id's */ 4255 ip->ip_id = ip_newid(); 4256#elif defined(RANDOM_IP_ID) 4257 /* Apple has RANDOM_IP_ID switch */ 4258 ip->ip_id = htons(ip_randomid()); 4259#elif defined(__Userspace__) 4260 ip->ip_id = htons(SCTP_IP_ID(inp)++); 4261#else 4262 ip->ip_id = SCTP_IP_ID(inp)++; 4263#endif 4264 4265#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__Panda__) || defined(__Windows__) || defined(__Userspace__) 4266 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; 4267#else 4268 ip->ip_ttl = inp->inp_ip_ttl; 4269#endif 4270#if defined(__FreeBSD__) && __FreeBSD_version >= 1000000 4271 ip->ip_len = htons(packet_length); 4272#else 4273 ip->ip_len = packet_length; 4274#endif 4275 ip->ip_tos = tos_value; 4276 if (port) { 4277 ip->ip_p = IPPROTO_UDP; 4278 } else { 4279 ip->ip_p = IPPROTO_SCTP; 4280 } 4281 ip->ip_sum = 0; 4282 if (net == NULL) { 4283 ro = &iproute; 4284 memset(&iproute, 0, sizeof(iproute)); 4285#ifdef HAVE_SA_LEN 4286 memcpy(&ro->ro_dst, to, to->sa_len); 4287#else 4288 memcpy(&ro->ro_dst, to, sizeof(struct sockaddr_in)); 4289#endif 4290 } else { 4291 ro = (sctp_route_t *)&net->ro; 4292 } 4293 /* Now the address selection part */ 4294 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr; 4295 4296 /* call the routine to select the src address */ 4297 if (net && out_of_asoc_ok == 0) { 4298 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED|SCTP_ADDR_IFA_UNUSEABLE))) { 4299 sctp_free_ifa(net->ro._s_addr); 4300 net->ro._s_addr = NULL; 4301 net->src_addr_selected = 0; 4302 if (ro->ro_rt) { 4303 RTFREE(ro->ro_rt); 4304 ro->ro_rt = NULL; 4305 } 4306 } 4307 if (net->src_addr_selected == 0) { 4308 /* Cache the source address */ 4309 net->ro._s_addr = sctp_source_address_selection(inp,stcb, 4310 ro, net, 0, 4311 vrf_id); 4312 net->src_addr_selected = 1; 4313 } 4314 if (net->ro._s_addr == NULL) { 4315 /* No route to host */ 4316 net->src_addr_selected = 0; 4317 sctp_handle_no_route(stcb, net, so_locked); 4318 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4319 sctp_m_freem(m); 4320 return (EHOSTUNREACH); 4321 } 4322 ip->ip_src = net->ro._s_addr->address.sin.sin_addr; 4323 } else { 4324 if (over_addr == NULL) { 4325 struct sctp_ifa *_lsrc; 4326 4327 _lsrc = sctp_source_address_selection(inp, stcb, ro, 4328 net, 4329 out_of_asoc_ok, 4330 vrf_id); 4331 if (_lsrc == NULL) { 4332 sctp_handle_no_route(stcb, net, so_locked); 4333 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4334 sctp_m_freem(m); 4335 return (EHOSTUNREACH); 4336 } 4337 ip->ip_src = _lsrc->address.sin.sin_addr; 4338 sctp_free_ifa(_lsrc); 4339 } else { 4340 ip->ip_src = over_addr->sin.sin_addr; 4341 SCTP_RTALLOC(ro, vrf_id); 4342 } 4343 } 4344 if (port) { 4345 if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) { 4346 sctp_handle_no_route(stcb, net, so_locked); 4347 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4348 sctp_m_freem(m); 4349 return (EHOSTUNREACH); 4350 } 4351 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip)); 4352 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 4353 udp->uh_dport = port; 4354 udp->uh_ulen = htons(packet_length - sizeof(struct ip)); 4355#if !defined(__Windows__) && !defined(__Userspace__) 4356#if defined(__FreeBSD__) && ((__FreeBSD_version > 803000 && __FreeBSD_version < 900000) || __FreeBSD_version > 900000) 4357 if (V_udp_cksum) { 4358 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 4359 } else { 4360 udp->uh_sum = 0; 4361 } 4362#else 4363 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 4364#endif 4365#else 4366 udp->uh_sum = 0; 4367#endif 4368 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 4369 } else { 4370 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip)); 4371 } 4372 4373 sctphdr->src_port = src_port; 4374 sctphdr->dest_port = dest_port; 4375 sctphdr->v_tag = v_tag; 4376 sctphdr->checksum = 0; 4377 4378 /* 4379 * If source address selection fails and we find no route 4380 * then the ip_output should fail as well with a 4381 * NO_ROUTE_TO_HOST type error. We probably should catch 4382 * that somewhere and abort the association right away 4383 * (assuming this is an INIT being sent). 4384 */ 4385 if (ro->ro_rt == NULL) { 4386 /* 4387 * src addr selection failed to find a route (or 4388 * valid source addr), so we can't get there from 4389 * here (yet)! 4390 */ 4391 sctp_handle_no_route(stcb, net, so_locked); 4392 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4393 sctp_m_freem(m); 4394 return (EHOSTUNREACH); 4395 } 4396 if (ro != &iproute) { 4397 memcpy(&iproute, ro, sizeof(*ro)); 4398 } 4399 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n", 4400 (uint32_t) (ntohl(ip->ip_src.s_addr))); 4401 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n", 4402 (uint32_t)(ntohl(ip->ip_dst.s_addr))); 4403 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n", 4404 (void *)ro->ro_rt); 4405 4406 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 4407 /* failed to prepend data, give up */ 4408 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4409 sctp_m_freem(m); 4410 return (ENOMEM); 4411 } 4412 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4413 if (port) { 4414#if defined(SCTP_WITH_NO_CSUM) 4415 SCTP_STAT_INCR(sctps_sendnocrc); 4416#else 4417 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr)); 4418 SCTP_STAT_INCR(sctps_sendswcrc); 4419#endif 4420#if defined(__FreeBSD__) && ((__FreeBSD_version > 803000 && __FreeBSD_version < 900000) || __FreeBSD_version > 900000) 4421 if (V_udp_cksum) { 4422 SCTP_ENABLE_UDP_CSUM(o_pak); 4423 } 4424#else 4425 SCTP_ENABLE_UDP_CSUM(o_pak); 4426#endif 4427 } else { 4428#if defined(SCTP_WITH_NO_CSUM) 4429 SCTP_STAT_INCR(sctps_sendnocrc); 4430#else 4431#if defined(__FreeBSD__) && __FreeBSD_version >= 800000 4432 m->m_pkthdr.csum_flags = CSUM_SCTP; 4433 m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 4434 SCTP_STAT_INCR(sctps_sendhwcrc); 4435#else 4436 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4437 (stcb) && (stcb->asoc.scope.loopback_scope))) { 4438 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip)); 4439 SCTP_STAT_INCR(sctps_sendswcrc); 4440 } else { 4441 SCTP_STAT_INCR(sctps_sendnocrc); 4442 } 4443#endif 4444#endif 4445 } 4446#ifdef SCTP_PACKET_LOGGING 4447 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4448 sctp_packet_log(o_pak); 4449#endif 4450 /* send it out. table id is taken from stcb */ 4451#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4452 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4453 so = SCTP_INP_SO(inp); 4454 SCTP_SOCKET_UNLOCK(so, 0); 4455 } 4456#endif 4457 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id); 4458#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4459 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4460 atomic_add_int(&stcb->asoc.refcnt, 1); 4461 SCTP_TCB_UNLOCK(stcb); 4462 SCTP_SOCKET_LOCK(so, 0); 4463 SCTP_TCB_LOCK(stcb); 4464 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4465 } 4466#endif 4467 SCTP_STAT_INCR(sctps_sendpackets); 4468 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4469 if (ret) 4470 SCTP_STAT_INCR(sctps_senderrors); 4471 4472 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret); 4473 if (net == NULL) { 4474 /* free tempy routes */ 4475#if defined(__FreeBSD__) && __FreeBSD_version > 901000 4476 RO_RTFREE(ro); 4477#else 4478 if (ro->ro_rt) { 4479 RTFREE(ro->ro_rt); 4480 ro->ro_rt = NULL; 4481 } 4482#endif 4483 } else { 4484 /* PMTU check versus smallest asoc MTU goes here */ 4485 if ((ro->ro_rt != NULL) && 4486 (net->ro._s_addr)) { 4487 uint32_t mtu; 4488 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4489 if (net->port) { 4490 mtu -= sizeof(struct udphdr); 4491 } 4492 if (mtu && (stcb->asoc.smallest_mtu > mtu)) { 4493 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4494 net->mtu = mtu; 4495 } 4496 } else if (ro->ro_rt == NULL) { 4497 /* route was freed */ 4498 if (net->ro._s_addr && 4499 net->src_addr_selected) { 4500 sctp_free_ifa(net->ro._s_addr); 4501 net->ro._s_addr = NULL; 4502 } 4503 net->src_addr_selected = 0; 4504 } 4505 } 4506 return (ret); 4507 } 4508#endif 4509#ifdef INET6 4510 case AF_INET6: 4511 { 4512 uint32_t flowlabel, flowinfo; 4513 struct ip6_hdr *ip6h; 4514 struct route_in6 ip6route; 4515#if !(defined(__Panda__) || defined(__Userspace__)) 4516 struct ifnet *ifp; 4517#endif 4518 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 4519 int prev_scope = 0; 4520#ifdef SCTP_EMBEDDED_V6_SCOPE 4521 struct sockaddr_in6 lsa6_storage; 4522 int error; 4523#endif 4524 u_short prev_port = 0; 4525 int len; 4526 4527 if (net) { 4528 flowlabel = net->flowlabel; 4529 } else if (stcb) { 4530 flowlabel = stcb->asoc.default_flowlabel; 4531 } else { 4532 flowlabel = inp->sctp_ep.default_flowlabel; 4533 } 4534 if (flowlabel == 0) { 4535 /* 4536 * This means especially, that it is not set at the 4537 * SCTP layer. So use the value from the IP layer. 4538 */ 4539#if defined(__APPLE__) && (!defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION)) 4540 flowlabel = ntohl(inp->ip_inp.inp.inp_flow); 4541#else 4542 flowlabel = ntohl(((struct in6pcb *)inp)->in6p_flowinfo); 4543#endif 4544 } 4545 flowlabel &= 0x000fffff; 4546 len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr); 4547 if (port) { 4548 len += sizeof(struct udphdr); 4549 } 4550 newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA); 4551 if (newm == NULL) { 4552 sctp_m_freem(m); 4553 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4554 return (ENOMEM); 4555 } 4556 SCTP_ALIGN_TO_END(newm, len); 4557 SCTP_BUF_LEN(newm) = len; 4558 SCTP_BUF_NEXT(newm) = m; 4559 m = newm; 4560#if defined(__FreeBSD__) 4561 if (net != NULL) { 4562#ifdef INVARIANTS 4563 if (net->flowidset == 0) { 4564 panic("Flow ID not set"); 4565 } 4566#endif 4567 m->m_pkthdr.flowid = net->flowid; 4568 m->m_flags |= M_FLOWID; 4569 } else { 4570 if (use_mflowid != 0) { 4571 m->m_pkthdr.flowid = mflowid; 4572 m->m_flags |= M_FLOWID; 4573 } 4574 } 4575#endif 4576 packet_length = sctp_calculate_len(m); 4577 4578 ip6h = mtod(m, struct ip6_hdr *); 4579 /* protect *sin6 from overwrite */ 4580 sin6 = (struct sockaddr_in6 *)to; 4581 tmp = *sin6; 4582 sin6 = &tmp; 4583 4584#ifdef SCTP_EMBEDDED_V6_SCOPE 4585 /* KAME hack: embed scopeid */ 4586#if defined(__APPLE__) 4587#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 4588 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0) 4589#else 4590 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0) 4591#endif 4592#elif defined(SCTP_KAME) 4593 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) 4594#else 4595 if (in6_embedscope(&sin6->sin6_addr, sin6) != 0) 4596#endif 4597 { 4598 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 4599 return (EINVAL); 4600 } 4601#endif /* SCTP_EMBEDDED_V6_SCOPE */ 4602 if (net == NULL) { 4603 memset(&ip6route, 0, sizeof(ip6route)); 4604 ro = (sctp_route_t *)&ip6route; 4605#ifdef HAVE_SIN6_LEN 4606 memcpy(&ro->ro_dst, sin6, sin6->sin6_len); 4607#else 4608 memcpy(&ro->ro_dst, sin6, sizeof(struct sockaddr_in6)); 4609#endif 4610 } else { 4611 ro = (sctp_route_t *)&net->ro; 4612 } 4613 /* 4614 * We assume here that inp_flow is in host byte order within 4615 * the TCB! 4616 */ 4617 if (tos_value == 0) { 4618 /* 4619 * This means especially, that it is not set at the 4620 * SCTP layer. So use the value from the IP layer. 4621 */ 4622#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__Panda__) || defined(__Windows__) || defined(__Userspace__) 4623#if defined(__APPLE__) && (!defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION)) 4624 tos_value = (ntohl(inp->ip_inp.inp.inp_flow) >> 20) & 0xff; 4625#else 4626 tos_value = (ntohl(((struct in6pcb *)inp)->in6p_flowinfo) >> 20) & 0xff; 4627#endif 4628#endif 4629 } 4630 tos_value &= 0xfc; 4631 if (ecn_ok) { 4632 tos_value |= sctp_get_ect(stcb); 4633 } 4634 flowinfo = 0x06; 4635 flowinfo <<= 8; 4636 flowinfo |= tos_value; 4637 flowinfo <<= 20; 4638 flowinfo |= flowlabel; 4639 ip6h->ip6_flow = htonl(flowinfo); 4640 if (port) { 4641 ip6h->ip6_nxt = IPPROTO_UDP; 4642 } else { 4643 ip6h->ip6_nxt = IPPROTO_SCTP; 4644 } 4645 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr)); 4646 ip6h->ip6_dst = sin6->sin6_addr; 4647 4648 /* 4649 * Add SRC address selection here: we can only reuse to a 4650 * limited degree the kame src-addr-sel, since we can try 4651 * their selection but it may not be bound. 4652 */ 4653 bzero(&lsa6_tmp, sizeof(lsa6_tmp)); 4654 lsa6_tmp.sin6_family = AF_INET6; 4655#ifdef HAVE_SIN6_LEN 4656 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 4657#endif 4658 lsa6 = &lsa6_tmp; 4659 if (net && out_of_asoc_ok == 0) { 4660 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED|SCTP_ADDR_IFA_UNUSEABLE))) { 4661 sctp_free_ifa(net->ro._s_addr); 4662 net->ro._s_addr = NULL; 4663 net->src_addr_selected = 0; 4664 if (ro->ro_rt) { 4665 RTFREE(ro->ro_rt); 4666 ro->ro_rt = NULL; 4667 } 4668 } 4669 if (net->src_addr_selected == 0) { 4670#ifdef SCTP_EMBEDDED_V6_SCOPE 4671 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4672 /* KAME hack: embed scopeid */ 4673#if defined(__APPLE__) 4674#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 4675 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0) 4676#else 4677 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0) 4678#endif 4679#elif defined(SCTP_KAME) 4680 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) 4681#else 4682 if (in6_embedscope(&sin6->sin6_addr, sin6) != 0) 4683#endif 4684 { 4685 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 4686 return (EINVAL); 4687 } 4688#endif /* SCTP_EMBEDDED_V6_SCOPE */ 4689 /* Cache the source address */ 4690 net->ro._s_addr = sctp_source_address_selection(inp, 4691 stcb, 4692 ro, 4693 net, 4694 0, 4695 vrf_id); 4696#ifdef SCTP_EMBEDDED_V6_SCOPE 4697#ifdef SCTP_KAME 4698 (void)sa6_recoverscope(sin6); 4699#else 4700 (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL); 4701#endif /* SCTP_KAME */ 4702#endif /* SCTP_EMBEDDED_V6_SCOPE */ 4703 net->src_addr_selected = 1; 4704 } 4705 if (net->ro._s_addr == NULL) { 4706 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n"); 4707 net->src_addr_selected = 0; 4708 sctp_handle_no_route(stcb, net, so_locked); 4709 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4710 sctp_m_freem(m); 4711 return (EHOSTUNREACH); 4712 } 4713 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr; 4714 } else { 4715#ifdef SCTP_EMBEDDED_V6_SCOPE 4716 sin6 = (struct sockaddr_in6 *)&ro->ro_dst; 4717 /* KAME hack: embed scopeid */ 4718#if defined(__APPLE__) 4719#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 4720 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0) 4721#else 4722 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0) 4723#endif 4724#elif defined(SCTP_KAME) 4725 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) 4726#else 4727 if (in6_embedscope(&sin6->sin6_addr, sin6) != 0) 4728#endif 4729 { 4730 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 4731 return (EINVAL); 4732 } 4733#endif /* SCTP_EMBEDDED_V6_SCOPE */ 4734 if (over_addr == NULL) { 4735 struct sctp_ifa *_lsrc; 4736 4737 _lsrc = sctp_source_address_selection(inp, stcb, ro, 4738 net, 4739 out_of_asoc_ok, 4740 vrf_id); 4741 if (_lsrc == NULL) { 4742 sctp_handle_no_route(stcb, net, so_locked); 4743 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4744 sctp_m_freem(m); 4745 return (EHOSTUNREACH); 4746 } 4747 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr; 4748 sctp_free_ifa(_lsrc); 4749 } else { 4750 lsa6->sin6_addr = over_addr->sin6.sin6_addr; 4751 SCTP_RTALLOC(ro, vrf_id); 4752 } 4753#ifdef SCTP_EMBEDDED_V6_SCOPE 4754#ifdef SCTP_KAME 4755 (void)sa6_recoverscope(sin6); 4756#else 4757 (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL); 4758#endif /* SCTP_KAME */ 4759#endif /* SCTP_EMBEDDED_V6_SCOPE */ 4760 } 4761 lsa6->sin6_port = inp->sctp_lport; 4762 4763 if (ro->ro_rt == NULL) { 4764 /* 4765 * src addr selection failed to find a route (or 4766 * valid source addr), so we can't get there from 4767 * here! 4768 */ 4769 sctp_handle_no_route(stcb, net, so_locked); 4770 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4771 sctp_m_freem(m); 4772 return (EHOSTUNREACH); 4773 } 4774#ifndef SCOPEDROUTING 4775#ifdef SCTP_EMBEDDED_V6_SCOPE 4776 /* 4777 * XXX: sa6 may not have a valid sin6_scope_id in the 4778 * non-SCOPEDROUTING case. 4779 */ 4780 bzero(&lsa6_storage, sizeof(lsa6_storage)); 4781 lsa6_storage.sin6_family = AF_INET6; 4782#ifdef HAVE_SIN6_LEN 4783 lsa6_storage.sin6_len = sizeof(lsa6_storage); 4784#endif 4785#ifdef SCTP_KAME 4786 lsa6_storage.sin6_addr = lsa6->sin6_addr; 4787 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) { 4788#else 4789 if ((error = in6_recoverscope(&lsa6_storage, &lsa6->sin6_addr, 4790 NULL)) != 0) { 4791#endif /* SCTP_KAME */ 4792 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error); 4793 sctp_m_freem(m); 4794 return (error); 4795 } 4796 /* XXX */ 4797 lsa6_storage.sin6_addr = lsa6->sin6_addr; 4798 lsa6_storage.sin6_port = inp->sctp_lport; 4799 lsa6 = &lsa6_storage; 4800#endif /* SCTP_EMBEDDED_V6_SCOPE */ 4801#endif /* SCOPEDROUTING */ 4802 ip6h->ip6_src = lsa6->sin6_addr; 4803 4804 if (port) { 4805 if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) { 4806 sctp_handle_no_route(stcb, net, so_locked); 4807 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4808 sctp_m_freem(m); 4809 return (EHOSTUNREACH); 4810 } 4811 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 4812 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 4813 udp->uh_dport = port; 4814 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr)); 4815 udp->uh_sum = 0; 4816 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 4817 } else { 4818 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 4819 } 4820 4821 sctphdr->src_port = src_port; 4822 sctphdr->dest_port = dest_port; 4823 sctphdr->v_tag = v_tag; 4824 sctphdr->checksum = 0; 4825 4826 /* 4827 * We set the hop limit now since there is a good chance 4828 * that our ro pointer is now filled 4829 */ 4830 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro); 4831#if !(defined(__Panda__) || defined(__Userspace__)) 4832 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 4833#endif 4834 4835#ifdef SCTP_DEBUG 4836 /* Copy to be sure something bad is not happening */ 4837 sin6->sin6_addr = ip6h->ip6_dst; 4838 lsa6->sin6_addr = ip6h->ip6_src; 4839#endif 4840 4841 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n"); 4842 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: "); 4843 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6); 4844 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: "); 4845 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6); 4846 if (net) { 4847 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4848 /* preserve the port and scope for link local send */ 4849 prev_scope = sin6->sin6_scope_id; 4850 prev_port = sin6->sin6_port; 4851 } 4852 4853 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 4854 /* failed to prepend data, give up */ 4855 sctp_m_freem(m); 4856 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4857 return (ENOMEM); 4858 } 4859 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4860 if (port) { 4861#if defined(SCTP_WITH_NO_CSUM) 4862 SCTP_STAT_INCR(sctps_sendnocrc); 4863#else 4864 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 4865 SCTP_STAT_INCR(sctps_sendswcrc); 4866#endif 4867#if defined(__Windows__) 4868 udp->uh_sum = 0; 4869#elif !defined(__Userspace__) 4870 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) { 4871 udp->uh_sum = 0xffff; 4872 } 4873#endif 4874 } else { 4875#if defined(SCTP_WITH_NO_CSUM) 4876 SCTP_STAT_INCR(sctps_sendnocrc); 4877#else 4878#if defined(__FreeBSD__) && __FreeBSD_version >= 800000 4879#if __FreeBSD_version < 900000 4880 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr)); 4881 SCTP_STAT_INCR(sctps_sendswcrc); 4882#else 4883#if __FreeBSD_version > 901000 4884 m->m_pkthdr.csum_flags = CSUM_SCTP_IPV6; 4885#else 4886 m->m_pkthdr.csum_flags = CSUM_SCTP; 4887#endif 4888 m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 4889 SCTP_STAT_INCR(sctps_sendhwcrc); 4890#endif 4891#else 4892 if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && 4893 (stcb) && (stcb->asoc.scope.loopback_scope))) { 4894 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr)); 4895 SCTP_STAT_INCR(sctps_sendswcrc); 4896 } else { 4897 SCTP_STAT_INCR(sctps_sendnocrc); 4898 } 4899#endif 4900#endif 4901 } 4902 /* send it out. table id is taken from stcb */ 4903#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4904 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4905 so = SCTP_INP_SO(inp); 4906 SCTP_SOCKET_UNLOCK(so, 0); 4907 } 4908#endif 4909#ifdef SCTP_PACKET_LOGGING 4910 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4911 sctp_packet_log(o_pak); 4912#endif 4913#if !(defined(__Panda__) || defined(__Userspace__)) 4914 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id); 4915#else 4916 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, NULL, stcb, vrf_id); 4917#endif 4918#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4919 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4920 atomic_add_int(&stcb->asoc.refcnt, 1); 4921 SCTP_TCB_UNLOCK(stcb); 4922 SCTP_SOCKET_LOCK(so, 0); 4923 SCTP_TCB_LOCK(stcb); 4924 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4925 } 4926#endif 4927 if (net) { 4928 /* for link local this must be done */ 4929 sin6->sin6_scope_id = prev_scope; 4930 sin6->sin6_port = prev_port; 4931 } 4932 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret); 4933 SCTP_STAT_INCR(sctps_sendpackets); 4934 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4935 if (ret) { 4936 SCTP_STAT_INCR(sctps_senderrors); 4937 } 4938 if (net == NULL) { 4939 /* Now if we had a temp route free it */ 4940#if defined(__FreeBSD__) && __FreeBSD_version > 901000 4941 RO_RTFREE(ro); 4942#else 4943 if (ro->ro_rt) { 4944 RTFREE(ro->ro_rt); 4945 ro->ro_rt = NULL; 4946 } 4947#endif 4948 } else { 4949 /* PMTU check versus smallest asoc MTU goes here */ 4950 if (ro->ro_rt == NULL) { 4951 /* Route was freed */ 4952 if (net->ro._s_addr && 4953 net->src_addr_selected) { 4954 sctp_free_ifa(net->ro._s_addr); 4955 net->ro._s_addr = NULL; 4956 } 4957 net->src_addr_selected = 0; 4958 } 4959 if ((ro->ro_rt != NULL) && 4960 (net->ro._s_addr)) { 4961 uint32_t mtu; 4962 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4963 if (mtu && 4964 (stcb->asoc.smallest_mtu > mtu)) { 4965 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4966 net->mtu = mtu; 4967 if (net->port) { 4968 net->mtu -= sizeof(struct udphdr); 4969 } 4970 } 4971 } 4972#if !defined(__Panda__) && !defined(__Userspace__) 4973 else if (ifp) { 4974#if defined(__Windows__) 4975#define ND_IFINFO(ifp) (ifp) 4976#define linkmtu if_mtu 4977#endif 4978 if (ND_IFINFO(ifp)->linkmtu && 4979 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 4980 sctp_mtu_size_reset(inp, 4981 &stcb->asoc, 4982 ND_IFINFO(ifp)->linkmtu); 4983 } 4984 } 4985#endif 4986 } 4987 return (ret); 4988 } 4989#endif 4990#if defined(__Userspace__) 4991 case AF_CONN: 4992 { 4993 char *buffer; 4994 struct sockaddr_conn *sconn; 4995 int len; 4996 4997 sconn = (struct sockaddr_conn *)to; 4998 len = sizeof(struct sctphdr); 4999 newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA); 5000 if (newm == NULL) { 5001 sctp_m_freem(m); 5002 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 5003 return (ENOMEM); 5004 } 5005 SCTP_ALIGN_TO_END(newm, len); 5006 SCTP_BUF_LEN(newm) = len; 5007 SCTP_BUF_NEXT(newm) = m; 5008 m = newm; 5009 packet_length = sctp_calculate_len(m); 5010 sctphdr = mtod(m, struct sctphdr *); 5011 sctphdr->src_port = src_port; 5012 sctphdr->dest_port = dest_port; 5013 sctphdr->v_tag = v_tag; 5014 sctphdr->checksum = 0; 5015#if defined(SCTP_WITH_NO_CSUM) 5016 SCTP_STAT_INCR(sctps_sendnocrc); 5017#else 5018 sctphdr->checksum = sctp_calculate_cksum(m, 0); 5019 SCTP_STAT_INCR(sctps_sendswcrc); 5020#endif 5021 if (tos_value == 0) { 5022 tos_value = inp->ip_inp.inp.inp_ip_tos; 5023 } 5024 tos_value &= 0xfc; 5025 if (ecn_ok) { 5026 tos_value |= sctp_get_ect(stcb); 5027 } 5028 /* Don't alloc/free for each packet */ 5029 if ((buffer = malloc(packet_length)) != NULL) { 5030 m_copydata(m, 0, packet_length, buffer); 5031 ret = SCTP_BASE_VAR(conn_output)(sconn->sconn_addr, buffer, packet_length, tos_value, nofragment_flag); 5032 free(buffer); 5033 } else { 5034 ret = ENOMEM; 5035 } 5036 sctp_m_freem(m); 5037 return (ret); 5038 } 5039#endif 5040 default: 5041 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 5042 ((struct sockaddr *)to)->sa_family); 5043 sctp_m_freem(m); 5044 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 5045 return (EFAULT); 5046 } 5047} 5048 5049 5050void 5051sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked 5052#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 5053 SCTP_UNUSED 5054#endif 5055 ) 5056{ 5057 struct mbuf *m, *m_last; 5058 struct sctp_nets *net; 5059 struct sctp_init_chunk *init; 5060 struct sctp_supported_addr_param *sup_addr; 5061 struct sctp_adaptation_layer_indication *ali; 5062 struct sctp_supported_chunk_types_param *pr_supported; 5063 struct sctp_paramhdr *ph; 5064 int cnt_inits_to = 0; 5065 int ret; 5066 uint16_t num_ext, chunk_len, padding_len, parameter_len; 5067 5068#if defined(__APPLE__) 5069 if (so_locked) { 5070 sctp_lock_assert(SCTP_INP_SO(inp)); 5071 } else { 5072 sctp_unlock_assert(SCTP_INP_SO(inp)); 5073 } 5074#endif 5075 /* INIT's always go to the primary (and usually ONLY address) */ 5076 net = stcb->asoc.primary_destination; 5077 if (net == NULL) { 5078 net = TAILQ_FIRST(&stcb->asoc.nets); 5079 if (net == NULL) { 5080 /* TSNH */ 5081 return; 5082 } 5083 /* we confirm any address we send an INIT to */ 5084 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 5085 (void)sctp_set_primary_addr(stcb, NULL, net); 5086 } else { 5087 /* we confirm any address we send an INIT to */ 5088 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 5089 } 5090 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n"); 5091#ifdef INET6 5092 if (net->ro._l_addr.sa.sa_family == AF_INET6) { 5093 /* 5094 * special hook, if we are sending to link local it will not 5095 * show up in our private address count. 5096 */ 5097 if (IN6_IS_ADDR_LINKLOCAL(&net->ro._l_addr.sin6.sin6_addr)) 5098 cnt_inits_to = 1; 5099 } 5100#endif 5101 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 5102 /* This case should not happen */ 5103 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n"); 5104 return; 5105 } 5106 /* start the INIT timer */ 5107 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 5108 5109 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_NOWAIT, 1, MT_DATA); 5110 if (m == NULL) { 5111 /* No memory, INIT timer will re-attempt. */ 5112 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n"); 5113 return; 5114 } 5115 chunk_len = (uint16_t)sizeof(struct sctp_init_chunk); 5116 padding_len = 0; 5117 /* Now lets put the chunk header in place */ 5118 init = mtod(m, struct sctp_init_chunk *); 5119 /* now the chunk header */ 5120 init->ch.chunk_type = SCTP_INITIATION; 5121 init->ch.chunk_flags = 0; 5122 /* fill in later from mbuf we build */ 5123 init->ch.chunk_length = 0; 5124 /* place in my tag */ 5125 init->init.initiate_tag = htonl(stcb->asoc.my_vtag); 5126 /* set up some of the credits. */ 5127 init->init.a_rwnd = htonl(max(inp->sctp_socket?SCTP_SB_LIMIT_RCV(inp->sctp_socket):0, 5128 SCTP_MINIMAL_RWND)); 5129 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 5130 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 5131 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number); 5132 5133 /* Adaptation layer indication parameter */ 5134 if (inp->sctp_ep.adaptation_layer_indicator_provided) { 5135 parameter_len = (uint16_t)sizeof(struct sctp_adaptation_layer_indication); 5136 ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t) + chunk_len); 5137 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 5138 ali->ph.param_length = htons(parameter_len); 5139 ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator); 5140 chunk_len += parameter_len; 5141 } 5142 5143 /* ECN parameter */ 5144 if (stcb->asoc.ecn_supported == 1) { 5145 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 5146 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len); 5147 ph->param_type = htons(SCTP_ECN_CAPABLE); 5148 ph->param_length = htons(parameter_len); 5149 chunk_len += parameter_len; 5150 } 5151 5152 /* PR-SCTP supported parameter */ 5153 if (stcb->asoc.prsctp_supported == 1) { 5154 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 5155 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len); 5156 ph->param_type = htons(SCTP_PRSCTP_SUPPORTED); 5157 ph->param_length = htons(parameter_len); 5158 chunk_len += parameter_len; 5159 } 5160 5161 /* Add NAT friendly parameter. */ 5162 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) { 5163 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 5164 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len); 5165 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 5166 ph->param_length = htons(parameter_len); 5167 chunk_len += parameter_len; 5168 } 5169 5170 /* And now tell the peer which extensions we support */ 5171 num_ext = 0; 5172 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t) + chunk_len); 5173 if (stcb->asoc.prsctp_supported == 1) { 5174 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 5175 } 5176 if (stcb->asoc.auth_supported == 1) { 5177 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 5178 } 5179 if (stcb->asoc.asconf_supported == 1) { 5180 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 5181 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 5182 } 5183 if (stcb->asoc.reconfig_supported == 1) { 5184 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 5185 } 5186 if (stcb->asoc.nrsack_supported == 1) { 5187 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 5188 } 5189 if (stcb->asoc.pktdrop_supported == 1) { 5190 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 5191 } 5192 if (num_ext > 0) { 5193 parameter_len = (uint16_t)sizeof(struct sctp_supported_chunk_types_param) + num_ext; 5194 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 5195 pr_supported->ph.param_length = htons(parameter_len); 5196 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5197 chunk_len += parameter_len; 5198 } 5199 /* add authentication parameters */ 5200 if (stcb->asoc.auth_supported) { 5201 /* attach RANDOM parameter, if available */ 5202 if (stcb->asoc.authinfo.random != NULL) { 5203 struct sctp_auth_random *randp; 5204 5205 if (padding_len > 0) { 5206 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 5207 chunk_len += padding_len; 5208 padding_len = 0; 5209 } 5210 randp = (struct sctp_auth_random *)(mtod(m, caddr_t) + chunk_len); 5211 parameter_len = (uint16_t)sizeof(struct sctp_auth_random) + stcb->asoc.authinfo.random_len; 5212 /* random key already contains the header */ 5213 memcpy(randp, stcb->asoc.authinfo.random->key, parameter_len); 5214 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5215 chunk_len += parameter_len; 5216 } 5217 /* add HMAC_ALGO parameter */ 5218 if (stcb->asoc.local_hmacs != NULL) { 5219 struct sctp_auth_hmac_algo *hmacs; 5220 5221 if (padding_len > 0) { 5222 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 5223 chunk_len += padding_len; 5224 padding_len = 0; 5225 } 5226 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t) + chunk_len); 5227 parameter_len = (uint16_t)(sizeof(struct sctp_auth_hmac_algo) + 5228 stcb->asoc.local_hmacs->num_algo * sizeof(uint16_t)); 5229 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 5230 hmacs->ph.param_length = htons(parameter_len); 5231 sctp_serialize_hmaclist(stcb->asoc.local_hmacs, (uint8_t *)hmacs->hmac_ids); 5232 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5233 chunk_len += parameter_len; 5234 } 5235 /* add CHUNKS parameter */ 5236 if (stcb->asoc.local_auth_chunks != NULL) { 5237 struct sctp_auth_chunk_list *chunks; 5238 5239 if (padding_len > 0) { 5240 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 5241 chunk_len += padding_len; 5242 padding_len = 0; 5243 } 5244 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t) + chunk_len); 5245 parameter_len = (uint16_t)(sizeof(struct sctp_auth_chunk_list) + 5246 sctp_auth_get_chklist_size(stcb->asoc.local_auth_chunks)); 5247 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 5248 chunks->ph.param_length = htons(parameter_len); 5249 sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, chunks->chunk_types); 5250 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5251 chunk_len += parameter_len; 5252 } 5253 } 5254 5255 /* now any cookie time extensions */ 5256 if (stcb->asoc.cookie_preserve_req) { 5257 struct sctp_cookie_perserve_param *cookie_preserve; 5258 5259 if (padding_len > 0) { 5260 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 5261 chunk_len += padding_len; 5262 padding_len = 0; 5263 } 5264 parameter_len = (uint16_t)sizeof(struct sctp_cookie_perserve_param); 5265 cookie_preserve = (struct sctp_cookie_perserve_param *)(mtod(m, caddr_t) + chunk_len); 5266 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 5267 cookie_preserve->ph.param_length = htons(parameter_len); 5268 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 5269 stcb->asoc.cookie_preserve_req = 0; 5270 chunk_len += parameter_len; 5271 } 5272 5273 if (stcb->asoc.scope.ipv4_addr_legal || stcb->asoc.scope.ipv6_addr_legal) { 5274 uint8_t i; 5275 5276 if (padding_len > 0) { 5277 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 5278 chunk_len += padding_len; 5279 padding_len = 0; 5280 } 5281 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 5282 if (stcb->asoc.scope.ipv4_addr_legal) { 5283 parameter_len += (uint16_t)sizeof(uint16_t); 5284 } 5285 if (stcb->asoc.scope.ipv6_addr_legal) { 5286 parameter_len += (uint16_t)sizeof(uint16_t); 5287 } 5288 sup_addr = (struct sctp_supported_addr_param *)(mtod(m, caddr_t) + chunk_len); 5289 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 5290 sup_addr->ph.param_length = htons(parameter_len); 5291 i = 0; 5292 if (stcb->asoc.scope.ipv4_addr_legal) { 5293 sup_addr->addr_type[i++] = htons(SCTP_IPV4_ADDRESS); 5294 } 5295 if (stcb->asoc.scope.ipv6_addr_legal) { 5296 sup_addr->addr_type[i++] = htons(SCTP_IPV6_ADDRESS); 5297 } 5298 padding_len = 4 - 2 * i; 5299 chunk_len += parameter_len; 5300 } 5301 5302 SCTP_BUF_LEN(m) = chunk_len; 5303 /* now the addresses */ 5304 /* To optimize this we could put the scoping stuff 5305 * into a structure and remove the individual uint8's from 5306 * the assoc structure. Then we could just sifa in the 5307 * address within the stcb. But for now this is a quick 5308 * hack to get the address stuff teased apart. 5309 */ 5310 m_last = sctp_add_addresses_to_i_ia(inp, stcb, &stcb->asoc.scope, 5311 m, cnt_inits_to, 5312 &padding_len, &chunk_len); 5313 5314 init->ch.chunk_length = htons(chunk_len); 5315 if (padding_len > 0) { 5316 if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) { 5317 sctp_m_freem(m); 5318 return; 5319 } 5320 } 5321 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n"); 5322 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 5323 (struct sockaddr *)&net->ro._l_addr, 5324 m, 0, NULL, 0, 0, 0, 0, 5325 inp->sctp_lport, stcb->rport, htonl(0), 5326 net->port, NULL, 5327#if defined(__FreeBSD__) 5328 0, 0, 5329#endif 5330 so_locked); 5331 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret); 5332 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 5333 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 5334} 5335 5336struct mbuf * 5337sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 5338 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly) 5339{ 5340 /* 5341 * Given a mbuf containing an INIT or INIT-ACK with the param_offset 5342 * being equal to the beginning of the params i.e. (iphlen + 5343 * sizeof(struct sctp_init_msg) parse through the parameters to the 5344 * end of the mbuf verifying that all parameters are known. 5345 * 5346 * For unknown parameters build and return a mbuf with 5347 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop 5348 * processing this chunk stop, and set *abort_processing to 1. 5349 * 5350 * By having param_offset be pre-set to where parameters begin it is 5351 * hoped that this routine may be reused in the future by new 5352 * features. 5353 */ 5354 struct sctp_paramhdr *phdr, params; 5355 5356 struct mbuf *mat, *op_err; 5357 char tempbuf[SCTP_PARAM_BUFFER_SIZE]; 5358 int at, limit, pad_needed; 5359 uint16_t ptype, plen, padded_size; 5360 int err_at; 5361 5362 *abort_processing = 0; 5363 mat = in_initpkt; 5364 err_at = 0; 5365 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 5366 at = param_offset; 5367 op_err = NULL; 5368 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n"); 5369 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 5370 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 5371 ptype = ntohs(phdr->param_type); 5372 plen = ntohs(phdr->param_length); 5373 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) { 5374 /* wacked parameter */ 5375 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen); 5376 goto invalid_size; 5377 } 5378 limit -= SCTP_SIZE32(plen); 5379 /*- 5380 * All parameters for all chunks that we know/understand are 5381 * listed here. We process them other places and make 5382 * appropriate stop actions per the upper bits. However this 5383 * is the generic routine processor's can call to get back 5384 * an operr.. to either incorporate (init-ack) or send. 5385 */ 5386 padded_size = SCTP_SIZE32(plen); 5387 switch (ptype) { 5388 /* Param's with variable size */ 5389 case SCTP_HEARTBEAT_INFO: 5390 case SCTP_STATE_COOKIE: 5391 case SCTP_UNRECOG_PARAM: 5392 case SCTP_ERROR_CAUSE_IND: 5393 /* ok skip fwd */ 5394 at += padded_size; 5395 break; 5396 /* Param's with variable size within a range */ 5397 case SCTP_CHUNK_LIST: 5398 case SCTP_SUPPORTED_CHUNK_EXT: 5399 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) { 5400 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen); 5401 goto invalid_size; 5402 } 5403 at += padded_size; 5404 break; 5405 case SCTP_SUPPORTED_ADDRTYPE: 5406 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) { 5407 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen); 5408 goto invalid_size; 5409 } 5410 at += padded_size; 5411 break; 5412 case SCTP_RANDOM: 5413 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) { 5414 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen); 5415 goto invalid_size; 5416 } 5417 at += padded_size; 5418 break; 5419 case SCTP_SET_PRIM_ADDR: 5420 case SCTP_DEL_IP_ADDRESS: 5421 case SCTP_ADD_IP_ADDRESS: 5422 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) && 5423 (padded_size != sizeof(struct sctp_asconf_addr_param))) { 5424 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen); 5425 goto invalid_size; 5426 } 5427 at += padded_size; 5428 break; 5429 /* Param's with a fixed size */ 5430 case SCTP_IPV4_ADDRESS: 5431 if (padded_size != sizeof(struct sctp_ipv4addr_param)) { 5432 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen); 5433 goto invalid_size; 5434 } 5435 at += padded_size; 5436 break; 5437 case SCTP_IPV6_ADDRESS: 5438 if (padded_size != sizeof(struct sctp_ipv6addr_param)) { 5439 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen); 5440 goto invalid_size; 5441 } 5442 at += padded_size; 5443 break; 5444 case SCTP_COOKIE_PRESERVE: 5445 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) { 5446 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen); 5447 goto invalid_size; 5448 } 5449 at += padded_size; 5450 break; 5451 case SCTP_HAS_NAT_SUPPORT: 5452 *nat_friendly = 1; 5453 /* fall through */ 5454 case SCTP_PRSCTP_SUPPORTED: 5455 if (padded_size != sizeof(struct sctp_paramhdr)) { 5456 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error prsctp/nat support %d\n", plen); 5457 goto invalid_size; 5458 } 5459 at += padded_size; 5460 break; 5461 case SCTP_ECN_CAPABLE: 5462 if (padded_size != sizeof(struct sctp_paramhdr)) { 5463 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen); 5464 goto invalid_size; 5465 } 5466 at += padded_size; 5467 break; 5468 case SCTP_ULP_ADAPTATION: 5469 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) { 5470 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen); 5471 goto invalid_size; 5472 } 5473 at += padded_size; 5474 break; 5475 case SCTP_SUCCESS_REPORT: 5476 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) { 5477 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen); 5478 goto invalid_size; 5479 } 5480 at += padded_size; 5481 break; 5482 case SCTP_HOSTNAME_ADDRESS: 5483 { 5484 /* We can NOT handle HOST NAME addresses!! */ 5485 int l_len; 5486 5487 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n"); 5488 *abort_processing = 1; 5489 if (op_err == NULL) { 5490 /* Ok need to try to get a mbuf */ 5491#ifdef INET6 5492 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 5493#else 5494 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 5495#endif 5496 l_len += plen; 5497 l_len += sizeof(struct sctp_paramhdr); 5498 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); 5499 if (op_err) { 5500 SCTP_BUF_LEN(op_err) = 0; 5501 /* 5502 * pre-reserve space for ip and sctp 5503 * header and chunk hdr 5504 */ 5505#ifdef INET6 5506 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 5507#else 5508 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 5509#endif 5510 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 5511 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 5512 } 5513 } 5514 if (op_err) { 5515 /* If we have space */ 5516 struct sctp_paramhdr s; 5517 5518 if (err_at % 4) { 5519 uint32_t cpthis = 0; 5520 5521 pad_needed = 4 - (err_at % 4); 5522 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 5523 err_at += pad_needed; 5524 } 5525 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); 5526 s.param_length = htons(sizeof(s) + plen); 5527 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 5528 err_at += sizeof(s); 5529 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf),plen)); 5530 if (phdr == NULL) { 5531 sctp_m_freem(op_err); 5532 /* 5533 * we are out of memory but we still 5534 * need to have a look at what to do 5535 * (the system is in trouble 5536 * though). 5537 */ 5538 return (NULL); 5539 } 5540 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 5541 } 5542 return (op_err); 5543 break; 5544 } 5545 default: 5546 /* 5547 * we do not recognize the parameter figure out what 5548 * we do. 5549 */ 5550 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype); 5551 if ((ptype & 0x4000) == 0x4000) { 5552 /* Report bit is set?? */ 5553 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n"); 5554 if (op_err == NULL) { 5555 int l_len; 5556 /* Ok need to try to get an mbuf */ 5557#ifdef INET6 5558 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 5559#else 5560 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 5561#endif 5562 l_len += plen; 5563 l_len += sizeof(struct sctp_paramhdr); 5564 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); 5565 if (op_err) { 5566 SCTP_BUF_LEN(op_err) = 0; 5567#ifdef INET6 5568 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 5569#else 5570 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 5571#endif 5572 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 5573 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 5574 } 5575 } 5576 if (op_err) { 5577 /* If we have space */ 5578 struct sctp_paramhdr s; 5579 5580 if (err_at % 4) { 5581 uint32_t cpthis = 0; 5582 5583 pad_needed = 4 - (err_at % 4); 5584 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 5585 err_at += pad_needed; 5586 } 5587 s.param_type = htons(SCTP_UNRECOG_PARAM); 5588 s.param_length = htons(sizeof(s) + plen); 5589 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 5590 err_at += sizeof(s); 5591 if (plen > sizeof(tempbuf)) { 5592 plen = sizeof(tempbuf); 5593 } 5594 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf),plen)); 5595 if (phdr == NULL) { 5596 sctp_m_freem(op_err); 5597 /* 5598 * we are out of memory but 5599 * we still need to have a 5600 * look at what to do (the 5601 * system is in trouble 5602 * though). 5603 */ 5604 op_err = NULL; 5605 goto more_processing; 5606 } 5607 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 5608 err_at += plen; 5609 } 5610 } 5611 more_processing: 5612 if ((ptype & 0x8000) == 0x0000) { 5613 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n"); 5614 return (op_err); 5615 } else { 5616 /* skip this chunk and continue processing */ 5617 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n"); 5618 at += SCTP_SIZE32(plen); 5619 } 5620 break; 5621 5622 } 5623 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 5624 } 5625 return (op_err); 5626 invalid_size: 5627 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n"); 5628 *abort_processing = 1; 5629 if ((op_err == NULL) && phdr) { 5630 int l_len; 5631#ifdef INET6 5632 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 5633#else 5634 l_len = sizeof(struct ip) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 5635#endif 5636 l_len += (2 * sizeof(struct sctp_paramhdr)); 5637 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); 5638 if (op_err) { 5639 SCTP_BUF_LEN(op_err) = 0; 5640#ifdef INET6 5641 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 5642#else 5643 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 5644#endif 5645 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 5646 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 5647 } 5648 } 5649 if ((op_err) && phdr) { 5650 struct sctp_paramhdr s; 5651 5652 if (err_at % 4) { 5653 uint32_t cpthis = 0; 5654 5655 pad_needed = 4 - (err_at % 4); 5656 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 5657 err_at += pad_needed; 5658 } 5659 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION); 5660 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr)); 5661 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 5662 err_at += sizeof(s); 5663 /* Only copy back the p-hdr that caused the issue */ 5664 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr); 5665 } 5666 return (op_err); 5667} 5668 5669static int 5670sctp_are_there_new_addresses(struct sctp_association *asoc, 5671 struct mbuf *in_initpkt, int offset, struct sockaddr *src) 5672{ 5673 /* 5674 * Given a INIT packet, look through the packet to verify that there 5675 * are NO new addresses. As we go through the parameters add reports 5676 * of any un-understood parameters that require an error. Also we 5677 * must return (1) to drop the packet if we see a un-understood 5678 * parameter that tells us to drop the chunk. 5679 */ 5680 struct sockaddr *sa_touse; 5681 struct sockaddr *sa; 5682 struct sctp_paramhdr *phdr, params; 5683 uint16_t ptype, plen; 5684 uint8_t fnd; 5685 struct sctp_nets *net; 5686#ifdef INET 5687 struct sockaddr_in sin4, *sa4; 5688#endif 5689#ifdef INET6 5690 struct sockaddr_in6 sin6, *sa6; 5691#endif 5692 5693#ifdef INET 5694 memset(&sin4, 0, sizeof(sin4)); 5695 sin4.sin_family = AF_INET; 5696#ifdef HAVE_SIN_LEN 5697 sin4.sin_len = sizeof(sin4); 5698#endif 5699#endif 5700#ifdef INET6 5701 memset(&sin6, 0, sizeof(sin6)); 5702 sin6.sin6_family = AF_INET6; 5703#ifdef HAVE_SIN6_LEN 5704 sin6.sin6_len = sizeof(sin6); 5705#endif 5706#endif 5707 /* First what about the src address of the pkt ? */ 5708 fnd = 0; 5709 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5710 sa = (struct sockaddr *)&net->ro._l_addr; 5711 if (sa->sa_family == src->sa_family) { 5712#ifdef INET 5713 if (sa->sa_family == AF_INET) { 5714 struct sockaddr_in *src4; 5715 5716 sa4 = (struct sockaddr_in *)sa; 5717 src4 = (struct sockaddr_in *)src; 5718 if (sa4->sin_addr.s_addr == src4->sin_addr.s_addr) { 5719 fnd = 1; 5720 break; 5721 } 5722 } 5723#endif 5724#ifdef INET6 5725 if (sa->sa_family == AF_INET6) { 5726 struct sockaddr_in6 *src6; 5727 5728 sa6 = (struct sockaddr_in6 *)sa; 5729 src6 = (struct sockaddr_in6 *)src; 5730 if (SCTP6_ARE_ADDR_EQUAL(sa6, src6)) { 5731 fnd = 1; 5732 break; 5733 } 5734 } 5735#endif 5736 } 5737 } 5738 if (fnd == 0) { 5739 /* New address added! no need to look futher. */ 5740 return (1); 5741 } 5742 /* Ok so far lets munge through the rest of the packet */ 5743 offset += sizeof(struct sctp_init_chunk); 5744 phdr = sctp_get_next_param(in_initpkt, offset, ¶ms, sizeof(params)); 5745 while (phdr) { 5746 sa_touse = NULL; 5747 ptype = ntohs(phdr->param_type); 5748 plen = ntohs(phdr->param_length); 5749 switch (ptype) { 5750#ifdef INET 5751 case SCTP_IPV4_ADDRESS: 5752 { 5753 struct sctp_ipv4addr_param *p4, p4_buf; 5754 5755 phdr = sctp_get_next_param(in_initpkt, offset, 5756 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 5757 if (plen != sizeof(struct sctp_ipv4addr_param) || 5758 phdr == NULL) { 5759 return (1); 5760 } 5761 p4 = (struct sctp_ipv4addr_param *)phdr; 5762 sin4.sin_addr.s_addr = p4->addr; 5763 sa_touse = (struct sockaddr *)&sin4; 5764 break; 5765 } 5766#endif 5767#ifdef INET6 5768 case SCTP_IPV6_ADDRESS: 5769 { 5770 struct sctp_ipv6addr_param *p6, p6_buf; 5771 5772 phdr = sctp_get_next_param(in_initpkt, offset, 5773 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 5774 if (plen != sizeof(struct sctp_ipv6addr_param) || 5775 phdr == NULL) { 5776 return (1); 5777 } 5778 p6 = (struct sctp_ipv6addr_param *)phdr; 5779 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 5780 sizeof(p6->addr)); 5781 sa_touse = (struct sockaddr *)&sin6; 5782 break; 5783 } 5784#endif 5785 default: 5786 sa_touse = NULL; 5787 break; 5788 } 5789 if (sa_touse) { 5790 /* ok, sa_touse points to one to check */ 5791 fnd = 0; 5792 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5793 sa = (struct sockaddr *)&net->ro._l_addr; 5794 if (sa->sa_family != sa_touse->sa_family) { 5795 continue; 5796 } 5797#ifdef INET 5798 if (sa->sa_family == AF_INET) { 5799 sa4 = (struct sockaddr_in *)sa; 5800 if (sa4->sin_addr.s_addr == 5801 sin4.sin_addr.s_addr) { 5802 fnd = 1; 5803 break; 5804 } 5805 } 5806#endif 5807#ifdef INET6 5808 if (sa->sa_family == AF_INET6) { 5809 sa6 = (struct sockaddr_in6 *)sa; 5810 if (SCTP6_ARE_ADDR_EQUAL( 5811 sa6, &sin6)) { 5812 fnd = 1; 5813 break; 5814 } 5815 } 5816#endif 5817 } 5818 if (!fnd) { 5819 /* New addr added! no need to look further */ 5820 return (1); 5821 } 5822 } 5823 offset += SCTP_SIZE32(plen); 5824 phdr = sctp_get_next_param(in_initpkt, offset, ¶ms, sizeof(params)); 5825 } 5826 return (0); 5827} 5828 5829/* 5830 * Given a MBUF chain that was sent into us containing an INIT. Build a 5831 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done 5832 * a pullup to include IPv6/4header, SCTP header and initial part of INIT 5833 * message (i.e. the struct sctp_init_msg). 5834 */ 5835void 5836sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 5837 struct mbuf *init_pkt, int iphlen, int offset, 5838 struct sockaddr *src, struct sockaddr *dst, 5839 struct sctphdr *sh, struct sctp_init_chunk *init_chk, 5840#if defined(__FreeBSD__) 5841 uint8_t use_mflowid, uint32_t mflowid, 5842#endif 5843 uint32_t vrf_id, uint16_t port, int hold_inp_lock) 5844{ 5845 struct sctp_association *asoc; 5846 struct mbuf *m, *m_tmp, *m_last, *m_cookie, *op_err; 5847 struct sctp_init_ack_chunk *initack; 5848 struct sctp_adaptation_layer_indication *ali; 5849 struct sctp_supported_chunk_types_param *pr_supported; 5850 struct sctp_paramhdr *ph; 5851 union sctp_sockstore *over_addr; 5852 struct sctp_scoping scp; 5853#ifdef INET 5854 struct sockaddr_in *dst4 = (struct sockaddr_in *)dst; 5855 struct sockaddr_in *src4 = (struct sockaddr_in *)src; 5856 struct sockaddr_in *sin; 5857#endif 5858#ifdef INET6 5859 struct sockaddr_in6 *dst6 = (struct sockaddr_in6 *)dst; 5860 struct sockaddr_in6 *src6 = (struct sockaddr_in6 *)src; 5861 struct sockaddr_in6 *sin6; 5862#endif 5863#if defined(__Userspace__) 5864 struct sockaddr_conn *dstconn = (struct sockaddr_conn *)dst; 5865 struct sockaddr_conn *srcconn = (struct sockaddr_conn *)src; 5866 struct sockaddr_conn *sconn; 5867#endif 5868 struct sockaddr *to; 5869 struct sctp_state_cookie stc; 5870 struct sctp_nets *net = NULL; 5871 uint8_t *signature = NULL; 5872 int cnt_inits_to = 0; 5873 uint16_t his_limit, i_want; 5874 int abort_flag; 5875 int nat_friendly = 0; 5876 struct socket *so; 5877 uint16_t num_ext, chunk_len, padding_len, parameter_len; 5878 5879 if (stcb) { 5880 asoc = &stcb->asoc; 5881 } else { 5882 asoc = NULL; 5883 } 5884 if ((asoc != NULL) && 5885 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 5886 (sctp_are_there_new_addresses(asoc, init_pkt, offset, src))) { 5887 /* new addresses, out of here in non-cookie-wait states */ 5888 /* 5889 * Send a ABORT, we don't add the new address error clause 5890 * though we even set the T bit and copy in the 0 tag.. this 5891 * looks no different than if no listener was present. 5892 */ 5893 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 5894 "Address added"); 5895 sctp_send_abort(init_pkt, iphlen, src, dst, sh, 0, op_err, 5896#if defined(__FreeBSD__) 5897 use_mflowid, mflowid, 5898#endif 5899 vrf_id, port); 5900 return; 5901 } 5902 abort_flag = 0; 5903 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 5904 (offset + sizeof(struct sctp_init_chunk)), 5905 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly); 5906 if (abort_flag) { 5907 do_a_abort: 5908 if (op_err == NULL) { 5909 char msg[SCTP_DIAG_INFO_LEN]; 5910 5911 snprintf(msg, sizeof(msg), "%s:%d at %s\n", __FILE__, __LINE__, __FUNCTION__); 5912 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 5913 msg); 5914 } 5915 sctp_send_abort(init_pkt, iphlen, src, dst, sh, 5916 init_chk->init.initiate_tag, op_err, 5917#if defined(__FreeBSD__) 5918 use_mflowid, mflowid, 5919#endif 5920 vrf_id, port); 5921 return; 5922 } 5923 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 5924 if (m == NULL) { 5925 /* No memory, INIT timer will re-attempt. */ 5926 if (op_err) 5927 sctp_m_freem(op_err); 5928 return; 5929 } 5930 chunk_len = (uint16_t)sizeof(struct sctp_init_ack_chunk); 5931 padding_len = 0; 5932 5933 /* 5934 * We might not overwrite the identification[] completely and on 5935 * some platforms time_entered will contain some padding. 5936 * Therefore zero out the cookie to avoid putting 5937 * uninitialized memory on the wire. 5938 */ 5939 memset(&stc, 0, sizeof(struct sctp_state_cookie)); 5940 5941 /* the time I built cookie */ 5942 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); 5943 5944 /* populate any tie tags */ 5945 if (asoc != NULL) { 5946 /* unlock before tag selections */ 5947 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 5948 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 5949 stc.cookie_life = asoc->cookie_life; 5950 net = asoc->primary_destination; 5951 } else { 5952 stc.tie_tag_my_vtag = 0; 5953 stc.tie_tag_peer_vtag = 0; 5954 /* life I will award this cookie */ 5955 stc.cookie_life = inp->sctp_ep.def_cookie_life; 5956 } 5957 5958 /* copy in the ports for later check */ 5959 stc.myport = sh->dest_port; 5960 stc.peerport = sh->src_port; 5961 5962 /* 5963 * If we wanted to honor cookie life extentions, we would add to 5964 * stc.cookie_life. For now we should NOT honor any extension 5965 */ 5966 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 5967 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5968 stc.ipv6_addr_legal = 1; 5969 if (SCTP_IPV6_V6ONLY(inp)) { 5970 stc.ipv4_addr_legal = 0; 5971 } else { 5972 stc.ipv4_addr_legal = 1; 5973 } 5974#if defined(__Userspace__) 5975 stc.conn_addr_legal = 0; 5976#endif 5977 } else { 5978 stc.ipv6_addr_legal = 0; 5979#if defined(__Userspace__) 5980 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_CONN) { 5981 stc.conn_addr_legal = 1; 5982 stc.ipv4_addr_legal = 0; 5983 } else { 5984 stc.conn_addr_legal = 0; 5985 stc.ipv4_addr_legal = 1; 5986 } 5987#else 5988 stc.ipv4_addr_legal = 1; 5989#endif 5990 } 5991#ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 5992 stc.ipv4_scope = 1; 5993#else 5994 stc.ipv4_scope = 0; 5995#endif 5996 if (net == NULL) { 5997 to = src; 5998 switch (dst->sa_family) { 5999#ifdef INET 6000 case AF_INET: 6001 { 6002 /* lookup address */ 6003 stc.address[0] = src4->sin_addr.s_addr; 6004 stc.address[1] = 0; 6005 stc.address[2] = 0; 6006 stc.address[3] = 0; 6007 stc.addr_type = SCTP_IPV4_ADDRESS; 6008 /* local from address */ 6009 stc.laddress[0] = dst4->sin_addr.s_addr; 6010 stc.laddress[1] = 0; 6011 stc.laddress[2] = 0; 6012 stc.laddress[3] = 0; 6013 stc.laddr_type = SCTP_IPV4_ADDRESS; 6014 /* scope_id is only for v6 */ 6015 stc.scope_id = 0; 6016#ifndef SCTP_DONT_DO_PRIVADDR_SCOPE 6017 if (IN4_ISPRIVATE_ADDRESS(&src4->sin_addr)) { 6018 stc.ipv4_scope = 1; 6019 } 6020#else 6021 stc.ipv4_scope = 1; 6022#endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 6023 /* Must use the address in this case */ 6024 if (sctp_is_address_on_local_host(src, vrf_id)) { 6025 stc.loopback_scope = 1; 6026 stc.ipv4_scope = 1; 6027 stc.site_scope = 1; 6028 stc.local_scope = 0; 6029 } 6030 break; 6031 } 6032#endif 6033#ifdef INET6 6034 case AF_INET6: 6035 { 6036 stc.addr_type = SCTP_IPV6_ADDRESS; 6037 memcpy(&stc.address, &src6->sin6_addr, sizeof(struct in6_addr)); 6038#if defined(__FreeBSD__) && (((__FreeBSD_version < 900000) && (__FreeBSD_version >= 804000)) || (__FreeBSD_version > 900000)) 6039 stc.scope_id = in6_getscope(&src6->sin6_addr); 6040#else 6041 stc.scope_id = 0; 6042#endif 6043 if (sctp_is_address_on_local_host(src, vrf_id)) { 6044 stc.loopback_scope = 1; 6045 stc.local_scope = 0; 6046 stc.site_scope = 1; 6047 stc.ipv4_scope = 1; 6048 } else if (IN6_IS_ADDR_LINKLOCAL(&src6->sin6_addr)) { 6049 /* 6050 * If the new destination is a LINK_LOCAL we 6051 * must have common both site and local 6052 * scope. Don't set local scope though since 6053 * we must depend on the source to be added 6054 * implicitly. We cannot assure just because 6055 * we share one link that all links are 6056 * common. 6057 */ 6058#if defined(__APPLE__) 6059 /* Mac OS X currently doesn't have in6_getscope() */ 6060 stc.scope_id = src6->sin6_addr.s6_addr16[1]; 6061#endif 6062 stc.local_scope = 0; 6063 stc.site_scope = 1; 6064 stc.ipv4_scope = 1; 6065 /* 6066 * we start counting for the private address 6067 * stuff at 1. since the link local we 6068 * source from won't show up in our scoped 6069 * count. 6070 */ 6071 cnt_inits_to = 1; 6072 /* pull out the scope_id from incoming pkt */ 6073 } else if (IN6_IS_ADDR_SITELOCAL(&src6->sin6_addr)) { 6074 /* 6075 * If the new destination is SITE_LOCAL then 6076 * we must have site scope in common. 6077 */ 6078 stc.site_scope = 1; 6079 } 6080 memcpy(&stc.laddress, &dst6->sin6_addr, sizeof(struct in6_addr)); 6081 stc.laddr_type = SCTP_IPV6_ADDRESS; 6082 break; 6083 } 6084#endif 6085#if defined(__Userspace__) 6086 case AF_CONN: 6087 { 6088 /* lookup address */ 6089 stc.address[0] = 0; 6090 stc.address[1] = 0; 6091 stc.address[2] = 0; 6092 stc.address[3] = 0; 6093 memcpy(&stc.address, &srcconn->sconn_addr, sizeof(void *)); 6094 stc.addr_type = SCTP_CONN_ADDRESS; 6095 /* local from address */ 6096 stc.laddress[0] = 0; 6097 stc.laddress[1] = 0; 6098 stc.laddress[2] = 0; 6099 stc.laddress[3] = 0; 6100 memcpy(&stc.laddress, &dstconn->sconn_addr, sizeof(void *)); 6101 stc.laddr_type = SCTP_CONN_ADDRESS; 6102 /* scope_id is only for v6 */ 6103 stc.scope_id = 0; 6104 break; 6105 } 6106#endif 6107 default: 6108 /* TSNH */ 6109 goto do_a_abort; 6110 break; 6111 } 6112 } else { 6113 /* set the scope per the existing tcb */ 6114 6115#ifdef INET6 6116 struct sctp_nets *lnet; 6117#endif 6118 6119 stc.loopback_scope = asoc->scope.loopback_scope; 6120 stc.ipv4_scope = asoc->scope.ipv4_local_scope; 6121 stc.site_scope = asoc->scope.site_scope; 6122 stc.local_scope = asoc->scope.local_scope; 6123#ifdef INET6 6124 /* Why do we not consider IPv4 LL addresses? */ 6125 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 6126 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) { 6127 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) { 6128 /* 6129 * if we have a LL address, start 6130 * counting at 1. 6131 */ 6132 cnt_inits_to = 1; 6133 } 6134 } 6135 } 6136#endif 6137 /* use the net pointer */ 6138 to = (struct sockaddr *)&net->ro._l_addr; 6139 switch (to->sa_family) { 6140#ifdef INET 6141 case AF_INET: 6142 sin = (struct sockaddr_in *)to; 6143 stc.address[0] = sin->sin_addr.s_addr; 6144 stc.address[1] = 0; 6145 stc.address[2] = 0; 6146 stc.address[3] = 0; 6147 stc.addr_type = SCTP_IPV4_ADDRESS; 6148 if (net->src_addr_selected == 0) { 6149 /* 6150 * strange case here, the INIT should have 6151 * did the selection. 6152 */ 6153 net->ro._s_addr = sctp_source_address_selection(inp, 6154 stcb, (sctp_route_t *)&net->ro, 6155 net, 0, vrf_id); 6156 if (net->ro._s_addr == NULL) 6157 return; 6158 6159 net->src_addr_selected = 1; 6160 6161 } 6162 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr; 6163 stc.laddress[1] = 0; 6164 stc.laddress[2] = 0; 6165 stc.laddress[3] = 0; 6166 stc.laddr_type = SCTP_IPV4_ADDRESS; 6167 /* scope_id is only for v6 */ 6168 stc.scope_id = 0; 6169 break; 6170#endif 6171#ifdef INET6 6172 case AF_INET6: 6173 sin6 = (struct sockaddr_in6 *)to; 6174 memcpy(&stc.address, &sin6->sin6_addr, 6175 sizeof(struct in6_addr)); 6176 stc.addr_type = SCTP_IPV6_ADDRESS; 6177 stc.scope_id = sin6->sin6_scope_id; 6178 if (net->src_addr_selected == 0) { 6179 /* 6180 * strange case here, the INIT should have 6181 * done the selection. 6182 */ 6183 net->ro._s_addr = sctp_source_address_selection(inp, 6184 stcb, (sctp_route_t *)&net->ro, 6185 net, 0, vrf_id); 6186 if (net->ro._s_addr == NULL) 6187 return; 6188 6189 net->src_addr_selected = 1; 6190 } 6191 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr, 6192 sizeof(struct in6_addr)); 6193 stc.laddr_type = SCTP_IPV6_ADDRESS; 6194 break; 6195#endif 6196#if defined(__Userspace__) 6197 case AF_CONN: 6198 sconn = (struct sockaddr_conn *)to; 6199 stc.address[0] = 0; 6200 stc.address[1] = 0; 6201 stc.address[2] = 0; 6202 stc.address[3] = 0; 6203 memcpy(&stc.address, &sconn->sconn_addr, sizeof(void *)); 6204 stc.addr_type = SCTP_CONN_ADDRESS; 6205 stc.laddress[0] = 0; 6206 stc.laddress[1] = 0; 6207 stc.laddress[2] = 0; 6208 stc.laddress[3] = 0; 6209 memcpy(&stc.laddress, &sconn->sconn_addr, sizeof(void *)); 6210 stc.laddr_type = SCTP_CONN_ADDRESS; 6211 stc.scope_id = 0; 6212 break; 6213#endif 6214 } 6215 } 6216 /* Now lets put the SCTP header in place */ 6217 initack = mtod(m, struct sctp_init_ack_chunk *); 6218 /* Save it off for quick ref */ 6219 stc.peers_vtag = init_chk->init.initiate_tag; 6220 /* who are we */ 6221 memcpy(stc.identification, SCTP_VERSION_STRING, 6222 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 6223 memset(stc.reserved, 0, SCTP_RESERVE_SPACE); 6224 /* now the chunk header */ 6225 initack->ch.chunk_type = SCTP_INITIATION_ACK; 6226 initack->ch.chunk_flags = 0; 6227 /* fill in later from mbuf we build */ 6228 initack->ch.chunk_length = 0; 6229 /* place in my tag */ 6230 if ((asoc != NULL) && 6231 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 6232 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) || 6233 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 6234 /* re-use the v-tags and init-seq here */ 6235 initack->init.initiate_tag = htonl(asoc->my_vtag); 6236 initack->init.initial_tsn = htonl(asoc->init_seq_number); 6237 } else { 6238 uint32_t vtag, itsn; 6239 if (hold_inp_lock) { 6240 SCTP_INP_INCR_REF(inp); 6241 SCTP_INP_RUNLOCK(inp); 6242 } 6243 if (asoc) { 6244 atomic_add_int(&asoc->refcnt, 1); 6245 SCTP_TCB_UNLOCK(stcb); 6246 new_tag: 6247 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 6248 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) { 6249 /* Got a duplicate vtag on some guy behind a nat 6250 * make sure we don't use it. 6251 */ 6252 goto new_tag; 6253 } 6254 initack->init.initiate_tag = htonl(vtag); 6255 /* get a TSN to use too */ 6256 itsn = sctp_select_initial_TSN(&inp->sctp_ep); 6257 initack->init.initial_tsn = htonl(itsn); 6258 SCTP_TCB_LOCK(stcb); 6259 atomic_add_int(&asoc->refcnt, -1); 6260 } else { 6261 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 6262 initack->init.initiate_tag = htonl(vtag); 6263 /* get a TSN to use too */ 6264 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 6265 } 6266 if (hold_inp_lock) { 6267 SCTP_INP_RLOCK(inp); 6268 SCTP_INP_DECR_REF(inp); 6269 } 6270 } 6271 /* save away my tag to */ 6272 stc.my_vtag = initack->init.initiate_tag; 6273 6274 /* set up some of the credits. */ 6275 so = inp->sctp_socket; 6276 if (so == NULL) { 6277 /* memory problem */ 6278 sctp_m_freem(m); 6279 return; 6280 } else { 6281 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND)); 6282 } 6283 /* set what I want */ 6284 his_limit = ntohs(init_chk->init.num_inbound_streams); 6285 /* choose what I want */ 6286 if (asoc != NULL) { 6287 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) { 6288 i_want = asoc->streamoutcnt; 6289 } else { 6290 i_want = inp->sctp_ep.pre_open_stream_count; 6291 } 6292 } else { 6293 i_want = inp->sctp_ep.pre_open_stream_count; 6294 } 6295 if (his_limit < i_want) { 6296 /* I Want more :< */ 6297 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams; 6298 } else { 6299 /* I can have what I want :> */ 6300 initack->init.num_outbound_streams = htons(i_want); 6301 } 6302 /* tell him his limit. */ 6303 initack->init.num_inbound_streams = 6304 htons(inp->sctp_ep.max_open_streams_intome); 6305 6306 /* adaptation layer indication parameter */ 6307 if (inp->sctp_ep.adaptation_layer_indicator_provided) { 6308 parameter_len = (uint16_t)sizeof(struct sctp_adaptation_layer_indication); 6309 ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t) + chunk_len); 6310 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 6311 ali->ph.param_length = htons(parameter_len); 6312 ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator); 6313 chunk_len += parameter_len; 6314 } 6315 6316 /* ECN parameter */ 6317 if (((asoc != NULL) && (asoc->ecn_supported == 1)) || 6318 ((asoc == NULL) && (inp->ecn_supported == 1))) { 6319 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 6320 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len); 6321 ph->param_type = htons(SCTP_ECN_CAPABLE); 6322 ph->param_length = htons(parameter_len); 6323 chunk_len += parameter_len; 6324 } 6325 6326 /* PR-SCTP supported parameter */ 6327 if (((asoc != NULL) && (asoc->prsctp_supported == 1)) || 6328 ((asoc == NULL) && (inp->prsctp_supported == 1))) { 6329 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 6330 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len); 6331 ph->param_type = htons(SCTP_PRSCTP_SUPPORTED); 6332 ph->param_length = htons(parameter_len); 6333 chunk_len += parameter_len; 6334 } 6335 6336 /* Add NAT friendly parameter */ 6337 if (nat_friendly) { 6338 parameter_len = (uint16_t)sizeof(struct sctp_paramhdr); 6339 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len); 6340 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 6341 ph->param_length = htons(parameter_len); 6342 chunk_len += parameter_len; 6343 } 6344 6345 /* And now tell the peer which extensions we support */ 6346 num_ext = 0; 6347 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t) + chunk_len); 6348 if (((asoc != NULL) && (asoc->prsctp_supported == 1)) || 6349 ((asoc == NULL) && (inp->prsctp_supported == 1))) { 6350 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 6351 } 6352 if (((asoc != NULL) && (asoc->auth_supported == 1)) || 6353 ((asoc == NULL) && (inp->auth_supported == 1))) { 6354 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 6355 } 6356 if (((asoc != NULL) && (asoc->asconf_supported == 1)) || 6357 ((asoc == NULL) && (inp->asconf_supported == 1))) { 6358 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 6359 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 6360 } 6361 if (((asoc != NULL) && (asoc->reconfig_supported == 1)) || 6362 ((asoc == NULL) && (inp->reconfig_supported == 1))) { 6363 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 6364 } 6365 if (((asoc != NULL) && (asoc->nrsack_supported == 1)) || 6366 ((asoc == NULL) && (inp->nrsack_supported == 1))) { 6367 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 6368 } 6369 if (((asoc != NULL) && (asoc->pktdrop_supported == 1)) || 6370 ((asoc == NULL) && (inp->pktdrop_supported == 1))) { 6371 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 6372 } 6373 if (num_ext > 0) { 6374 parameter_len = (uint16_t)sizeof(struct sctp_supported_chunk_types_param) + num_ext; 6375 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 6376 pr_supported->ph.param_length = htons(parameter_len); 6377 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6378 chunk_len += parameter_len; 6379 } 6380 6381 /* add authentication parameters */ 6382 if (((asoc != NULL) && (asoc->auth_supported == 1)) || 6383 ((asoc == NULL) && (inp->auth_supported == 1))) { 6384 struct sctp_auth_random *randp; 6385 struct sctp_auth_hmac_algo *hmacs; 6386 struct sctp_auth_chunk_list *chunks; 6387 6388 if (padding_len > 0) { 6389 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 6390 chunk_len += padding_len; 6391 padding_len = 0; 6392 } 6393 /* generate and add RANDOM parameter */ 6394 randp = (struct sctp_auth_random *)(mtod(m, caddr_t) + chunk_len); 6395 parameter_len = (uint16_t)sizeof(struct sctp_auth_random) + 6396 SCTP_AUTH_RANDOM_SIZE_DEFAULT; 6397 randp->ph.param_type = htons(SCTP_RANDOM); 6398 randp->ph.param_length = htons(parameter_len); 6399 SCTP_READ_RANDOM(randp->random_data, SCTP_AUTH_RANDOM_SIZE_DEFAULT); 6400 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6401 chunk_len += parameter_len; 6402 6403 if (padding_len > 0) { 6404 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 6405 chunk_len += padding_len; 6406 padding_len = 0; 6407 } 6408 /* add HMAC_ALGO parameter */ 6409 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t) + chunk_len); 6410 parameter_len = (uint16_t)sizeof(struct sctp_auth_hmac_algo) + 6411 sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs, 6412 (uint8_t *)hmacs->hmac_ids); 6413 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 6414 hmacs->ph.param_length = htons(parameter_len); 6415 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6416 chunk_len += parameter_len; 6417 6418 if (padding_len > 0) { 6419 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 6420 chunk_len += padding_len; 6421 padding_len = 0; 6422 } 6423 /* add CHUNKS parameter */ 6424 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t) + chunk_len); 6425 parameter_len = (uint16_t)sizeof(struct sctp_auth_chunk_list) + 6426 sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks, 6427 chunks->chunk_types); 6428 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 6429 chunks->ph.param_length = htons(parameter_len); 6430 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6431 chunk_len += parameter_len; 6432 } 6433 SCTP_BUF_LEN(m) = chunk_len; 6434 m_last = m; 6435 /* now the addresses */ 6436 /* To optimize this we could put the scoping stuff 6437 * into a structure and remove the individual uint8's from 6438 * the stc structure. Then we could just sifa in the 6439 * address within the stc.. but for now this is a quick 6440 * hack to get the address stuff teased apart. 6441 */ 6442 scp.ipv4_addr_legal = stc.ipv4_addr_legal; 6443 scp.ipv6_addr_legal = stc.ipv6_addr_legal; 6444#if defined(__Userspace__) 6445 scp.conn_addr_legal = stc.conn_addr_legal; 6446#endif 6447 scp.loopback_scope = stc.loopback_scope; 6448 scp.ipv4_local_scope = stc.ipv4_scope; 6449 scp.local_scope = stc.local_scope; 6450 scp.site_scope = stc.site_scope; 6451 m_last = sctp_add_addresses_to_i_ia(inp, stcb, &scp, m_last, 6452 cnt_inits_to, 6453 &padding_len, &chunk_len); 6454 /* padding_len can only be positive, if no addresses have been added */ 6455 if (padding_len > 0) { 6456 memset(mtod(m, caddr_t) + chunk_len, 0, padding_len); 6457 chunk_len += padding_len; 6458 SCTP_BUF_LEN(m) += padding_len; 6459 padding_len = 0; 6460 } 6461 6462 /* tack on the operational error if present */ 6463 if (op_err) { 6464 parameter_len = 0; 6465 for (m_tmp = op_err; m_tmp != NULL; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 6466 parameter_len += SCTP_BUF_LEN(m_tmp); 6467 } 6468 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6469 SCTP_BUF_NEXT(m_last) = op_err; 6470 while (SCTP_BUF_NEXT(m_last) != NULL) { 6471 m_last = SCTP_BUF_NEXT(m_last); 6472 } 6473 chunk_len += parameter_len; 6474 } 6475 if (padding_len > 0) { 6476 m_last = sctp_add_pad_tombuf(m_last, padding_len); 6477 if (m_last == NULL) { 6478 /* Houston we have a problem, no space */ 6479 sctp_m_freem(m); 6480 return; 6481 } 6482 chunk_len += padding_len; 6483 padding_len = 0; 6484 } 6485 /* Now we must build a cookie */ 6486 m_cookie = sctp_add_cookie(init_pkt, offset, m, 0, &stc, &signature); 6487 if (m_cookie == NULL) { 6488 /* memory problem */ 6489 sctp_m_freem(m); 6490 return; 6491 } 6492 /* Now append the cookie to the end and update the space/size */ 6493 SCTP_BUF_NEXT(m_last) = m_cookie; 6494 parameter_len = 0; 6495 for (m_tmp = m_cookie; m_tmp != NULL; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 6496 parameter_len += SCTP_BUF_LEN(m_tmp); 6497 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 6498 m_last = m_tmp; 6499 } 6500 } 6501 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6502 chunk_len += parameter_len; 6503 6504 /* Place in the size, but we don't include 6505 * the last pad (if any) in the INIT-ACK. 6506 */ 6507 initack->ch.chunk_length = htons(chunk_len); 6508 6509 /* Time to sign the cookie, we don't sign over the cookie 6510 * signature though thus we set trailer. 6511 */ 6512 (void)sctp_hmac_m(SCTP_HMAC, 6513 (uint8_t *)inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], 6514 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), 6515 (uint8_t *)signature, SCTP_SIGNATURE_SIZE); 6516 /* 6517 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 6518 * here since the timer will drive a retranmission. 6519 */ 6520 if (padding_len > 0) { 6521 if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) { 6522 sctp_m_freem(m); 6523 return; 6524 } 6525 } 6526 if (stc.loopback_scope) { 6527 over_addr = (union sctp_sockstore *)dst; 6528 } else { 6529 over_addr = NULL; 6530 } 6531 6532 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0, 6533 0, 0, 6534 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag, 6535 port, over_addr, 6536#if defined(__FreeBSD__) 6537 use_mflowid, mflowid, 6538#endif 6539 SCTP_SO_NOT_LOCKED); 6540 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 6541} 6542 6543 6544static void 6545sctp_prune_prsctp(struct sctp_tcb *stcb, 6546 struct sctp_association *asoc, 6547 struct sctp_sndrcvinfo *srcv, 6548 int dataout) 6549{ 6550 int freed_spc = 0; 6551 struct sctp_tmit_chunk *chk, *nchk; 6552 6553 SCTP_TCB_LOCK_ASSERT(stcb); 6554 if ((asoc->prsctp_supported) && 6555 (asoc->sent_queue_cnt_removeable > 0)) { 6556 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 6557 /* 6558 * Look for chunks marked with the PR_SCTP flag AND 6559 * the buffer space flag. If the one being sent is 6560 * equal or greater priority then purge the old one 6561 * and free some space. 6562 */ 6563 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 6564 /* 6565 * This one is PR-SCTP AND buffer space 6566 * limited type 6567 */ 6568 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 6569 /* 6570 * Lower numbers equates to higher 6571 * priority so if the one we are 6572 * looking at has a larger or equal 6573 * priority we want to drop the data 6574 * and NOT retransmit it. 6575 */ 6576 if (chk->data) { 6577 /* 6578 * We release the book_size 6579 * if the mbuf is here 6580 */ 6581 int ret_spc; 6582 uint8_t sent; 6583 6584 if (chk->sent > SCTP_DATAGRAM_UNSENT) 6585 sent = 1; 6586 else 6587 sent = 0; 6588 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 6589 sent, 6590 SCTP_SO_LOCKED); 6591 freed_spc += ret_spc; 6592 if (freed_spc >= dataout) { 6593 return; 6594 } 6595 } /* if chunk was present */ 6596 } /* if of sufficent priority */ 6597 } /* if chunk has enabled */ 6598 } /* tailqforeach */ 6599 6600 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 6601 /* Here we must move to the sent queue and mark */ 6602 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 6603 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 6604 if (chk->data) { 6605 /* 6606 * We release the book_size 6607 * if the mbuf is here 6608 */ 6609 int ret_spc; 6610 6611 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 6612 0, SCTP_SO_LOCKED); 6613 6614 freed_spc += ret_spc; 6615 if (freed_spc >= dataout) { 6616 return; 6617 } 6618 } /* end if chk->data */ 6619 } /* end if right class */ 6620 } /* end if chk pr-sctp */ 6621 } /* tailqforeachsafe (chk) */ 6622 } /* if enabled in asoc */ 6623} 6624 6625int 6626sctp_get_frag_point(struct sctp_tcb *stcb, 6627 struct sctp_association *asoc) 6628{ 6629 int siz, ovh; 6630 6631 /* 6632 * For endpoints that have both v6 and v4 addresses we must reserve 6633 * room for the ipv6 header, for those that are only dealing with V4 6634 * we use a larger frag point. 6635 */ 6636 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 6637 ovh = SCTP_MED_OVERHEAD; 6638 } else { 6639 ovh = SCTP_MED_V4_OVERHEAD; 6640 } 6641 6642 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu) 6643 siz = asoc->smallest_mtu - ovh; 6644 else 6645 siz = (stcb->asoc.sctp_frag_point - ovh); 6646 /* 6647 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { 6648 */ 6649 /* A data chunk MUST fit in a cluster */ 6650 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */ 6651 /* } */ 6652 6653 /* adjust for an AUTH chunk if DATA requires auth */ 6654 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) 6655 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 6656 6657 if (siz % 4) { 6658 /* make it an even word boundary please */ 6659 siz -= (siz % 4); 6660 } 6661 return (siz); 6662} 6663 6664static void 6665sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp) 6666{ 6667 /* 6668 * We assume that the user wants PR_SCTP_TTL if the user 6669 * provides a positive lifetime but does not specify any 6670 * PR_SCTP policy. 6671 */ 6672 if (PR_SCTP_ENABLED(sp->sinfo_flags)) { 6673 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 6674 } else if (sp->timetolive > 0) { 6675 sp->sinfo_flags |= SCTP_PR_SCTP_TTL; 6676 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 6677 } else { 6678 return; 6679 } 6680 switch (PR_SCTP_POLICY(sp->sinfo_flags)) { 6681 case CHUNK_FLAGS_PR_SCTP_BUF: 6682 /* 6683 * Time to live is a priority stored in tv_sec when 6684 * doing the buffer drop thing. 6685 */ 6686 sp->ts.tv_sec = sp->timetolive; 6687 sp->ts.tv_usec = 0; 6688 break; 6689 case CHUNK_FLAGS_PR_SCTP_TTL: 6690 { 6691 struct timeval tv; 6692 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 6693 tv.tv_sec = sp->timetolive / 1000; 6694 tv.tv_usec = (sp->timetolive * 1000) % 1000000; 6695 /* TODO sctp_constants.h needs alternative time macros when 6696 * _KERNEL is undefined. 6697 */ 6698#ifndef __FreeBSD__ 6699 timeradd(&sp->ts, &tv, &sp->ts); 6700#else 6701 timevaladd(&sp->ts, &tv); 6702#endif 6703 } 6704 break; 6705 case CHUNK_FLAGS_PR_SCTP_RTX: 6706 /* 6707 * Time to live is a the number or retransmissions 6708 * stored in tv_sec. 6709 */ 6710 sp->ts.tv_sec = sp->timetolive; 6711 sp->ts.tv_usec = 0; 6712 break; 6713 default: 6714 SCTPDBG(SCTP_DEBUG_USRREQ1, 6715 "Unknown PR_SCTP policy %u.\n", 6716 PR_SCTP_POLICY(sp->sinfo_flags)); 6717 break; 6718 } 6719} 6720 6721static int 6722sctp_msg_append(struct sctp_tcb *stcb, 6723 struct sctp_nets *net, 6724 struct mbuf *m, 6725 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock) 6726{ 6727 int error = 0; 6728 struct mbuf *at; 6729 struct sctp_stream_queue_pending *sp = NULL; 6730 struct sctp_stream_out *strm; 6731 6732 /* Given an mbuf chain, put it 6733 * into the association send queue and 6734 * place it on the wheel 6735 */ 6736 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) { 6737 /* Invalid stream number */ 6738 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 6739 error = EINVAL; 6740 goto out_now; 6741 } 6742 if ((stcb->asoc.stream_locked) && 6743 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) { 6744 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 6745 error = EINVAL; 6746 goto out_now; 6747 } 6748 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 6749 /* Now can we send this? */ 6750 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) || 6751 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 6752 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 6753 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { 6754 /* got data while shutting down */ 6755 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 6756 error = ECONNRESET; 6757 goto out_now; 6758 } 6759 sctp_alloc_a_strmoq(stcb, sp); 6760 if (sp == NULL) { 6761 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6762 error = ENOMEM; 6763 goto out_now; 6764 } 6765 sp->sinfo_flags = srcv->sinfo_flags; 6766 sp->timetolive = srcv->sinfo_timetolive; 6767 sp->ppid = srcv->sinfo_ppid; 6768 sp->context = srcv->sinfo_context; 6769 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 6770 sp->net = net; 6771 atomic_add_int(&sp->net->ref_count, 1); 6772 } else { 6773 sp->net = NULL; 6774 } 6775 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 6776 sp->stream = srcv->sinfo_stream; 6777 sp->msg_is_complete = 1; 6778 sp->sender_all_done = 1; 6779 sp->some_taken = 0; 6780 sp->data = m; 6781 sp->tail_mbuf = NULL; 6782 sctp_set_prsctp_policy(sp); 6783 /* We could in theory (for sendall) sifa the length 6784 * in, but we would still have to hunt through the 6785 * chain since we need to setup the tail_mbuf 6786 */ 6787 sp->length = 0; 6788 for (at = m; at; at = SCTP_BUF_NEXT(at)) { 6789 if (SCTP_BUF_NEXT(at) == NULL) 6790 sp->tail_mbuf = at; 6791 sp->length += SCTP_BUF_LEN(at); 6792 } 6793 if (srcv->sinfo_keynumber_valid) { 6794 sp->auth_keyid = srcv->sinfo_keynumber; 6795 } else { 6796 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 6797 } 6798 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 6799 sctp_auth_key_acquire(stcb, sp->auth_keyid); 6800 sp->holds_key_ref = 1; 6801 } 6802 if (hold_stcb_lock == 0) { 6803 SCTP_TCB_SEND_LOCK(stcb); 6804 } 6805 sctp_snd_sb_alloc(stcb, sp->length); 6806 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1); 6807 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 6808 stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, &stcb->asoc, strm, sp, 1); 6809 m = NULL; 6810 if (hold_stcb_lock == 0) { 6811 SCTP_TCB_SEND_UNLOCK(stcb); 6812 } 6813out_now: 6814 if (m) { 6815 sctp_m_freem(m); 6816 } 6817 return (error); 6818} 6819 6820 6821static struct mbuf * 6822sctp_copy_mbufchain(struct mbuf *clonechain, 6823 struct mbuf *outchain, 6824 struct mbuf **endofchain, 6825 int can_take_mbuf, 6826 int sizeofcpy, 6827 uint8_t copy_by_ref) 6828{ 6829 struct mbuf *m; 6830 struct mbuf *appendchain; 6831 caddr_t cp; 6832 int len; 6833 6834 if (endofchain == NULL) { 6835 /* error */ 6836 error_out: 6837 if (outchain) 6838 sctp_m_freem(outchain); 6839 return (NULL); 6840 } 6841 if (can_take_mbuf) { 6842 appendchain = clonechain; 6843 } else { 6844 if (!copy_by_ref && 6845#if defined(__Panda__) 6846 0 6847#else 6848 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN))) 6849#endif 6850 ) { 6851 /* Its not in a cluster */ 6852 if (*endofchain == NULL) { 6853 /* lets get a mbuf cluster */ 6854 if (outchain == NULL) { 6855 /* This is the general case */ 6856 new_mbuf: 6857 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_HEADER); 6858 if (outchain == NULL) { 6859 goto error_out; 6860 } 6861 SCTP_BUF_LEN(outchain) = 0; 6862 *endofchain = outchain; 6863 /* get the prepend space */ 6864 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV+4)); 6865 } else { 6866 /* We really should not get a NULL in endofchain */ 6867 /* find end */ 6868 m = outchain; 6869 while (m) { 6870 if (SCTP_BUF_NEXT(m) == NULL) { 6871 *endofchain = m; 6872 break; 6873 } 6874 m = SCTP_BUF_NEXT(m); 6875 } 6876 /* sanity */ 6877 if (*endofchain == NULL) { 6878 /* huh, TSNH XXX maybe we should panic */ 6879 sctp_m_freem(outchain); 6880 goto new_mbuf; 6881 } 6882 } 6883 /* get the new end of length */ 6884 len = M_TRAILINGSPACE(*endofchain); 6885 } else { 6886 /* how much is left at the end? */ 6887 len = M_TRAILINGSPACE(*endofchain); 6888 } 6889 /* Find the end of the data, for appending */ 6890 cp = (mtod((*endofchain), caddr_t) + SCTP_BUF_LEN((*endofchain))); 6891 6892 /* Now lets copy it out */ 6893 if (len >= sizeofcpy) { 6894 /* It all fits, copy it in */ 6895 m_copydata(clonechain, 0, sizeofcpy, cp); 6896 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 6897 } else { 6898 /* fill up the end of the chain */ 6899 if (len > 0) { 6900 m_copydata(clonechain, 0, len, cp); 6901 SCTP_BUF_LEN((*endofchain)) += len; 6902 /* now we need another one */ 6903 sizeofcpy -= len; 6904 } 6905 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_HEADER); 6906 if (m == NULL) { 6907 /* We failed */ 6908 goto error_out; 6909 } 6910 SCTP_BUF_NEXT((*endofchain)) = m; 6911 *endofchain = m; 6912 cp = mtod((*endofchain), caddr_t); 6913 m_copydata(clonechain, len, sizeofcpy, cp); 6914 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 6915 } 6916 return (outchain); 6917 } else { 6918 /* copy the old fashion way */ 6919 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_NOWAIT); 6920#ifdef SCTP_MBUF_LOGGING 6921 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6922 struct mbuf *mat; 6923 6924 for (mat = appendchain; mat; mat = SCTP_BUF_NEXT(mat)) { 6925 if (SCTP_BUF_IS_EXTENDED(mat)) { 6926 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 6927 } 6928 } 6929 } 6930#endif 6931 } 6932 } 6933 if (appendchain == NULL) { 6934 /* error */ 6935 if (outchain) 6936 sctp_m_freem(outchain); 6937 return (NULL); 6938 } 6939 if (outchain) { 6940 /* tack on to the end */ 6941 if (*endofchain != NULL) { 6942 SCTP_BUF_NEXT(((*endofchain))) = appendchain; 6943 } else { 6944 m = outchain; 6945 while (m) { 6946 if (SCTP_BUF_NEXT(m) == NULL) { 6947 SCTP_BUF_NEXT(m) = appendchain; 6948 break; 6949 } 6950 m = SCTP_BUF_NEXT(m); 6951 } 6952 } 6953 /* 6954 * save off the end and update the end-chain 6955 * postion 6956 */ 6957 m = appendchain; 6958 while (m) { 6959 if (SCTP_BUF_NEXT(m) == NULL) { 6960 *endofchain = m; 6961 break; 6962 } 6963 m = SCTP_BUF_NEXT(m); 6964 } 6965 return (outchain); 6966 } else { 6967 /* save off the end and update the end-chain postion */ 6968 m = appendchain; 6969 while (m) { 6970 if (SCTP_BUF_NEXT(m) == NULL) { 6971 *endofchain = m; 6972 break; 6973 } 6974 m = SCTP_BUF_NEXT(m); 6975 } 6976 return (appendchain); 6977 } 6978} 6979 6980static int 6981sctp_med_chunk_output(struct sctp_inpcb *inp, 6982 struct sctp_tcb *stcb, 6983 struct sctp_association *asoc, 6984 int *num_out, 6985 int *reason_code, 6986 int control_only, int from_where, 6987 struct timeval *now, int *now_filled, int frag_point, int so_locked 6988#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 6989 SCTP_UNUSED 6990#endif 6991 ); 6992 6993static void 6994sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, 6995 uint32_t val SCTP_UNUSED) 6996{ 6997 struct sctp_copy_all *ca; 6998 struct mbuf *m; 6999 int ret = 0; 7000 int added_control = 0; 7001 int un_sent, do_chunk_output = 1; 7002 struct sctp_association *asoc; 7003 struct sctp_nets *net; 7004 7005 ca = (struct sctp_copy_all *)ptr; 7006 if (ca->m == NULL) { 7007 return; 7008 } 7009 if (ca->inp != inp) { 7010 /* TSNH */ 7011 return; 7012 } 7013 if (ca->sndlen > 0) { 7014 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_NOWAIT); 7015 if (m == NULL) { 7016 /* can't copy so we are done */ 7017 ca->cnt_failed++; 7018 return; 7019 } 7020#ifdef SCTP_MBUF_LOGGING 7021 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 7022 struct mbuf *mat; 7023 7024 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 7025 if (SCTP_BUF_IS_EXTENDED(mat)) { 7026 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 7027 } 7028 } 7029 } 7030#endif 7031 } else { 7032 m = NULL; 7033 } 7034 SCTP_TCB_LOCK_ASSERT(stcb); 7035 if (stcb->asoc.alternate) { 7036 net = stcb->asoc.alternate; 7037 } else { 7038 net = stcb->asoc.primary_destination; 7039 } 7040 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) { 7041 /* Abort this assoc with m as the user defined reason */ 7042 if (m != NULL) { 7043 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_NOWAIT); 7044 } else { 7045 m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 7046 0, M_NOWAIT, 1, MT_DATA); 7047 SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr); 7048 } 7049 if (m != NULL) { 7050 struct sctp_paramhdr *ph; 7051 7052 ph = mtod(m, struct sctp_paramhdr *); 7053 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 7054 ph->param_length = htons(sizeof(struct sctp_paramhdr) + ca->sndlen); 7055 } 7056 /* We add one here to keep the assoc from 7057 * dis-appearing on us. 7058 */ 7059 atomic_add_int(&stcb->asoc.refcnt, 1); 7060 sctp_abort_an_association(inp, stcb, m, SCTP_SO_NOT_LOCKED); 7061 /* sctp_abort_an_association calls sctp_free_asoc() 7062 * free association will NOT free it since we 7063 * incremented the refcnt .. we do this to prevent 7064 * it being freed and things getting tricky since 7065 * we could end up (from free_asoc) calling inpcb_free 7066 * which would get a recursive lock call to the 7067 * iterator lock.. But as a consequence of that the 7068 * stcb will return to us un-locked.. since free_asoc 7069 * returns with either no TCB or the TCB unlocked, we 7070 * must relock.. to unlock in the iterator timer :-0 7071 */ 7072 SCTP_TCB_LOCK(stcb); 7073 atomic_add_int(&stcb->asoc.refcnt, -1); 7074 goto no_chunk_output; 7075 } else { 7076 if (m) { 7077 ret = sctp_msg_append(stcb, net, m, 7078 &ca->sndrcv, 1); 7079 } 7080 asoc = &stcb->asoc; 7081 if (ca->sndrcv.sinfo_flags & SCTP_EOF) { 7082 /* shutdown this assoc */ 7083 int cnt; 7084 cnt = sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED); 7085 7086 if (TAILQ_EMPTY(&asoc->send_queue) && 7087 TAILQ_EMPTY(&asoc->sent_queue) && 7088 (cnt == 0)) { 7089 if (asoc->locked_on_sending) { 7090 goto abort_anyway; 7091 } 7092 /* there is nothing queued to send, so I'm done... */ 7093 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 7094 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 7095 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7096 /* only send SHUTDOWN the first time through */ 7097 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 7098 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 7099 } 7100 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 7101 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 7102 sctp_stop_timers_for_shutdown(stcb); 7103 sctp_send_shutdown(stcb, net); 7104 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 7105 net); 7106 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 7107 asoc->primary_destination); 7108 added_control = 1; 7109 do_chunk_output = 0; 7110 } 7111 } else { 7112 /* 7113 * we still got (or just got) data to send, so set 7114 * SHUTDOWN_PENDING 7115 */ 7116 /* 7117 * XXX sockets draft says that SCTP_EOF should be 7118 * sent with no data. currently, we will allow user 7119 * data to be sent first and move to 7120 * SHUTDOWN-PENDING 7121 */ 7122 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 7123 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 7124 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7125 if (asoc->locked_on_sending) { 7126 /* Locked to send out the data */ 7127 struct sctp_stream_queue_pending *sp; 7128 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 7129 if (sp) { 7130 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 7131 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 7132 } 7133 } 7134 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 7135 if (TAILQ_EMPTY(&asoc->send_queue) && 7136 TAILQ_EMPTY(&asoc->sent_queue) && 7137 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 7138 abort_anyway: 7139 atomic_add_int(&stcb->asoc.refcnt, 1); 7140 sctp_abort_an_association(stcb->sctp_ep, stcb, 7141 NULL, SCTP_SO_NOT_LOCKED); 7142 atomic_add_int(&stcb->asoc.refcnt, -1); 7143 goto no_chunk_output; 7144 } 7145 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 7146 asoc->primary_destination); 7147 } 7148 } 7149 7150 } 7151 } 7152 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 7153 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 7154 7155 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 7156 (stcb->asoc.total_flight > 0) && 7157 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 7158 do_chunk_output = 0; 7159 } 7160 if (do_chunk_output) 7161 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED); 7162 else if (added_control) { 7163 int num_out = 0, reason = 0, now_filled = 0; 7164 struct timeval now; 7165 int frag_point; 7166 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 7167 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 7168 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED); 7169 } 7170 no_chunk_output: 7171 if (ret) { 7172 ca->cnt_failed++; 7173 } else { 7174 ca->cnt_sent++; 7175 } 7176} 7177 7178static void 7179sctp_sendall_completes(void *ptr, uint32_t val SCTP_UNUSED) 7180{ 7181 struct sctp_copy_all *ca; 7182 7183 ca = (struct sctp_copy_all *)ptr; 7184 /* 7185 * Do a notify here? Kacheong suggests that the notify be done at 7186 * the send time.. so you would push up a notification if any send 7187 * failed. Don't know if this is feasable since the only failures we 7188 * have is "memory" related and if you cannot get an mbuf to send 7189 * the data you surely can't get an mbuf to send up to notify the 7190 * user you can't send the data :-> 7191 */ 7192 7193 /* now free everything */ 7194 sctp_m_freem(ca->m); 7195 SCTP_FREE(ca, SCTP_M_COPYAL); 7196} 7197 7198 7199#define MC_ALIGN(m, len) do { \ 7200 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \ 7201} while (0) 7202 7203 7204 7205static struct mbuf * 7206sctp_copy_out_all(struct uio *uio, int len) 7207{ 7208 struct mbuf *ret, *at; 7209 int left, willcpy, cancpy, error; 7210 7211 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAITOK, 1, MT_DATA); 7212 if (ret == NULL) { 7213 /* TSNH */ 7214 return (NULL); 7215 } 7216 left = len; 7217 SCTP_BUF_LEN(ret) = 0; 7218 /* save space for the data chunk header */ 7219 cancpy = M_TRAILINGSPACE(ret); 7220 willcpy = min(cancpy, left); 7221 at = ret; 7222 while (left > 0) { 7223 /* Align data to the end */ 7224 error = uiomove(mtod(at, caddr_t), willcpy, uio); 7225 if (error) { 7226 err_out_now: 7227 sctp_m_freem(at); 7228 return (NULL); 7229 } 7230 SCTP_BUF_LEN(at) = willcpy; 7231 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0; 7232 left -= willcpy; 7233 if (left > 0) { 7234 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 1, MT_DATA); 7235 if (SCTP_BUF_NEXT(at) == NULL) { 7236 goto err_out_now; 7237 } 7238 at = SCTP_BUF_NEXT(at); 7239 SCTP_BUF_LEN(at) = 0; 7240 cancpy = M_TRAILINGSPACE(at); 7241 willcpy = min(cancpy, left); 7242 } 7243 } 7244 return (ret); 7245} 7246 7247static int 7248sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, 7249 struct sctp_sndrcvinfo *srcv) 7250{ 7251 int ret; 7252 struct sctp_copy_all *ca; 7253 7254 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all), 7255 SCTP_M_COPYAL); 7256 if (ca == NULL) { 7257 sctp_m_freem(m); 7258 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 7259 return (ENOMEM); 7260 } 7261 memset(ca, 0, sizeof(struct sctp_copy_all)); 7262 7263 ca->inp = inp; 7264 if (srcv) { 7265 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo)); 7266 } 7267 /* 7268 * take off the sendall flag, it would be bad if we failed to do 7269 * this :-0 7270 */ 7271 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL; 7272 /* get length and mbuf chain */ 7273 if (uio) { 7274#if defined(__APPLE__) 7275#if defined(APPLE_LEOPARD) 7276 ca->sndlen = uio->uio_resid; 7277#else 7278 ca->sndlen = uio_resid(uio); 7279#endif 7280#else 7281 ca->sndlen = uio->uio_resid; 7282#endif 7283#if defined(__APPLE__) 7284 SCTP_SOCKET_UNLOCK(SCTP_INP_SO(inp), 0); 7285#endif 7286 ca->m = sctp_copy_out_all(uio, ca->sndlen); 7287#if defined(__APPLE__) 7288 SCTP_SOCKET_LOCK(SCTP_INP_SO(inp), 0); 7289#endif 7290 if (ca->m == NULL) { 7291 SCTP_FREE(ca, SCTP_M_COPYAL); 7292 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 7293 return (ENOMEM); 7294 } 7295 } else { 7296 /* Gather the length of the send */ 7297 struct mbuf *mat; 7298 7299 ca->sndlen = 0; 7300 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 7301 ca->sndlen += SCTP_BUF_LEN(mat); 7302 } 7303 } 7304 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL, 7305 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES, 7306 SCTP_ASOC_ANY_STATE, 7307 (void *)ca, 0, 7308 sctp_sendall_completes, inp, 1); 7309 if (ret) { 7310 SCTP_PRINTF("Failed to initiate iterator for sendall\n"); 7311 SCTP_FREE(ca, SCTP_M_COPYAL); 7312 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 7313 return (EFAULT); 7314 } 7315 return (0); 7316} 7317 7318 7319void 7320sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc) 7321{ 7322 struct sctp_tmit_chunk *chk, *nchk; 7323 7324 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 7325 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 7326 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 7327 if (chk->data) { 7328 sctp_m_freem(chk->data); 7329 chk->data = NULL; 7330 } 7331 asoc->ctrl_queue_cnt--; 7332 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 7333 } 7334 } 7335} 7336 7337void 7338sctp_toss_old_asconf(struct sctp_tcb *stcb) 7339{ 7340 struct sctp_association *asoc; 7341 struct sctp_tmit_chunk *chk, *nchk; 7342 struct sctp_asconf_chunk *acp; 7343 7344 asoc = &stcb->asoc; 7345 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 7346 /* find SCTP_ASCONF chunk in queue */ 7347 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 7348 if (chk->data) { 7349 acp = mtod(chk->data, struct sctp_asconf_chunk *); 7350 if (SCTP_TSN_GT(ntohl(acp->serial_number), asoc->asconf_seq_out_acked)) { 7351 /* Not Acked yet */ 7352 break; 7353 } 7354 } 7355 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 7356 if (chk->data) { 7357 sctp_m_freem(chk->data); 7358 chk->data = NULL; 7359 } 7360 asoc->ctrl_queue_cnt--; 7361 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 7362 } 7363 } 7364} 7365 7366 7367static void 7368sctp_clean_up_datalist(struct sctp_tcb *stcb, 7369 struct sctp_association *asoc, 7370 struct sctp_tmit_chunk **data_list, 7371 int bundle_at, 7372 struct sctp_nets *net) 7373{ 7374 int i; 7375 struct sctp_tmit_chunk *tp1; 7376 7377 for (i = 0; i < bundle_at; i++) { 7378 /* off of the send queue */ 7379 TAILQ_REMOVE(&asoc->send_queue, data_list[i], sctp_next); 7380 asoc->send_queue_cnt--; 7381 if (i > 0) { 7382 /* 7383 * Any chunk NOT 0 you zap the time chunk 0 gets 7384 * zapped or set based on if a RTO measurment is 7385 * needed. 7386 */ 7387 data_list[i]->do_rtt = 0; 7388 } 7389 /* record time */ 7390 data_list[i]->sent_rcv_time = net->last_sent_time; 7391 data_list[i]->rec.data.cwnd_at_send = net->cwnd; 7392 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq; 7393 if (data_list[i]->whoTo == NULL) { 7394 data_list[i]->whoTo = net; 7395 atomic_add_int(&net->ref_count, 1); 7396 } 7397 /* on to the sent queue */ 7398 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead); 7399 if ((tp1) && SCTP_TSN_GT(tp1->rec.data.TSN_seq, data_list[i]->rec.data.TSN_seq)) { 7400 struct sctp_tmit_chunk *tpp; 7401 7402 /* need to move back */ 7403 back_up_more: 7404 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next); 7405 if (tpp == NULL) { 7406 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next); 7407 goto all_done; 7408 } 7409 tp1 = tpp; 7410 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, data_list[i]->rec.data.TSN_seq)) { 7411 goto back_up_more; 7412 } 7413 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next); 7414 } else { 7415 TAILQ_INSERT_TAIL(&asoc->sent_queue, 7416 data_list[i], 7417 sctp_next); 7418 } 7419 all_done: 7420 /* This does not lower until the cum-ack passes it */ 7421 asoc->sent_queue_cnt++; 7422 if ((asoc->peers_rwnd <= 0) && 7423 (asoc->total_flight == 0) && 7424 (bundle_at == 1)) { 7425 /* Mark the chunk as being a window probe */ 7426 SCTP_STAT_INCR(sctps_windowprobed); 7427 } 7428#ifdef SCTP_AUDITING_ENABLED 7429 sctp_audit_log(0xC2, 3); 7430#endif 7431 data_list[i]->sent = SCTP_DATAGRAM_SENT; 7432 data_list[i]->snd_count = 1; 7433 data_list[i]->rec.data.chunk_was_revoked = 0; 7434 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 7435 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 7436 data_list[i]->whoTo->flight_size, 7437 data_list[i]->book_size, 7438 (uintptr_t)data_list[i]->whoTo, 7439 data_list[i]->rec.data.TSN_seq); 7440 } 7441 sctp_flight_size_increase(data_list[i]); 7442 sctp_total_flight_increase(stcb, data_list[i]); 7443 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 7444 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 7445 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 7446 } 7447 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 7448 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 7449 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 7450 /* SWS sender side engages */ 7451 asoc->peers_rwnd = 0; 7452 } 7453 } 7454 if (asoc->cc_functions.sctp_cwnd_update_packet_transmitted) { 7455 (*asoc->cc_functions.sctp_cwnd_update_packet_transmitted)(stcb, net); 7456 } 7457} 7458 7459static void 7460sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc, int so_locked 7461#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 7462 SCTP_UNUSED 7463#endif 7464) 7465{ 7466 struct sctp_tmit_chunk *chk, *nchk; 7467 7468 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 7469 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 7470 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 7471 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 7472 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 7473 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) || 7474 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 7475 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 7476 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 7477 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 7478 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 7479 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 7480 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 7481 /* Stray chunks must be cleaned up */ 7482 clean_up_anyway: 7483 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 7484 if (chk->data) { 7485 sctp_m_freem(chk->data); 7486 chk->data = NULL; 7487 } 7488 asoc->ctrl_queue_cnt--; 7489 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) 7490 asoc->fwd_tsn_cnt--; 7491 sctp_free_a_chunk(stcb, chk, so_locked); 7492 } else if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 7493 /* special handling, we must look into the param */ 7494 if (chk != asoc->str_reset) { 7495 goto clean_up_anyway; 7496 } 7497 } 7498 } 7499} 7500 7501 7502static int 7503sctp_can_we_split_this(struct sctp_tcb *stcb, 7504 uint32_t length, 7505 uint32_t goal_mtu, uint32_t frag_point, int eeor_on) 7506{ 7507 /* Make a decision on if I should split a 7508 * msg into multiple parts. This is only asked of 7509 * incomplete messages. 7510 */ 7511 if (eeor_on) { 7512 /* If we are doing EEOR we need to always send 7513 * it if its the entire thing, since it might 7514 * be all the guy is putting in the hopper. 7515 */ 7516 if (goal_mtu >= length) { 7517 /*- 7518 * If we have data outstanding, 7519 * we get another chance when the sack 7520 * arrives to transmit - wait for more data 7521 */ 7522 if (stcb->asoc.total_flight == 0) { 7523 /* If nothing is in flight, we zero 7524 * the packet counter. 7525 */ 7526 return (length); 7527 } 7528 return (0); 7529 7530 } else { 7531 /* You can fill the rest */ 7532 return (goal_mtu); 7533 } 7534 } 7535 /*- 7536 * For those strange folk that make the send buffer 7537 * smaller than our fragmentation point, we can't 7538 * get a full msg in so we have to allow splitting. 7539 */ 7540 if (SCTP_SB_LIMIT_SND(stcb->sctp_socket) < frag_point) { 7541 return (length); 7542 } 7543 7544 if ((length <= goal_mtu) || 7545 ((length - goal_mtu) < SCTP_BASE_SYSCTL(sctp_min_residual))) { 7546 /* Sub-optimial residual don't split in non-eeor mode. */ 7547 return (0); 7548 } 7549 /* If we reach here length is larger 7550 * than the goal_mtu. Do we wish to split 7551 * it for the sake of packet putting together? 7552 */ 7553 if (goal_mtu >= min(SCTP_BASE_SYSCTL(sctp_min_split_point), frag_point)) { 7554 /* Its ok to split it */ 7555 return (min(goal_mtu, frag_point)); 7556 } 7557 /* Nope, can't split */ 7558 return (0); 7559 7560} 7561 7562static uint32_t 7563sctp_move_to_outqueue(struct sctp_tcb *stcb, 7564 struct sctp_stream_out *strq, 7565 uint32_t goal_mtu, 7566 uint32_t frag_point, 7567 int *locked, 7568 int *giveup, 7569 int eeor_mode, 7570 int *bail, 7571 int so_locked 7572#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 7573 SCTP_UNUSED 7574#endif 7575 ) 7576{ 7577 /* Move from the stream to the send_queue keeping track of the total */ 7578 struct sctp_association *asoc; 7579 struct sctp_stream_queue_pending *sp; 7580 struct sctp_tmit_chunk *chk; 7581 struct sctp_data_chunk *dchkh; 7582 uint32_t to_move, length; 7583 uint8_t rcv_flags = 0; 7584 uint8_t some_taken; 7585 uint8_t send_lock_up = 0; 7586 7587 SCTP_TCB_LOCK_ASSERT(stcb); 7588 asoc = &stcb->asoc; 7589one_more_time: 7590 /*sa_ignore FREED_MEMORY*/ 7591 sp = TAILQ_FIRST(&strq->outqueue); 7592 if (sp == NULL) { 7593 *locked = 0; 7594 if (send_lock_up == 0) { 7595 SCTP_TCB_SEND_LOCK(stcb); 7596 send_lock_up = 1; 7597 } 7598 sp = TAILQ_FIRST(&strq->outqueue); 7599 if (sp) { 7600 goto one_more_time; 7601 } 7602 if (strq->last_msg_incomplete) { 7603 SCTP_PRINTF("Huh? Stream:%d lm_in_c=%d but queue is NULL\n", 7604 strq->stream_no, 7605 strq->last_msg_incomplete); 7606 strq->last_msg_incomplete = 0; 7607 } 7608 to_move = 0; 7609 if (send_lock_up) { 7610 SCTP_TCB_SEND_UNLOCK(stcb); 7611 send_lock_up = 0; 7612 } 7613 goto out_of; 7614 } 7615 if ((sp->msg_is_complete) && (sp->length == 0)) { 7616 if (sp->sender_all_done) { 7617 /* We are doing differed cleanup. Last 7618 * time through when we took all the data 7619 * the sender_all_done was not set. 7620 */ 7621 if ((sp->put_last_out == 0) && (sp->discard_rest == 0)) { 7622 SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n"); 7623 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d send_lock:%d\n", 7624 sp->sender_all_done, 7625 sp->length, 7626 sp->msg_is_complete, 7627 sp->put_last_out, 7628 send_lock_up); 7629 } 7630 if ((TAILQ_NEXT(sp, next) == NULL) && (send_lock_up == 0)) { 7631 SCTP_TCB_SEND_LOCK(stcb); 7632 send_lock_up = 1; 7633 } 7634 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 7635 TAILQ_REMOVE(&strq->outqueue, sp, next); 7636 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp, send_lock_up); 7637 if (sp->net) { 7638 sctp_free_remote_addr(sp->net); 7639 sp->net = NULL; 7640 } 7641 if (sp->data) { 7642 sctp_m_freem(sp->data); 7643 sp->data = NULL; 7644 } 7645 sctp_free_a_strmoq(stcb, sp, so_locked); 7646 /* we can't be locked to it */ 7647 *locked = 0; 7648 stcb->asoc.locked_on_sending = NULL; 7649 if (send_lock_up) { 7650 SCTP_TCB_SEND_UNLOCK(stcb); 7651 send_lock_up = 0; 7652 } 7653 /* back to get the next msg */ 7654 goto one_more_time; 7655 } else { 7656 /* sender just finished this but 7657 * still holds a reference 7658 */ 7659 *locked = 1; 7660 *giveup = 1; 7661 to_move = 0; 7662 goto out_of; 7663 } 7664 } else { 7665 /* is there some to get */ 7666 if (sp->length == 0) { 7667 /* no */ 7668 *locked = 1; 7669 *giveup = 1; 7670 to_move = 0; 7671 goto out_of; 7672 } else if (sp->discard_rest) { 7673 if (send_lock_up == 0) { 7674 SCTP_TCB_SEND_LOCK(stcb); 7675 send_lock_up = 1; 7676 } 7677 /* Whack down the size */ 7678 atomic_subtract_int(&stcb->asoc.total_output_queue_size, sp->length); 7679 if ((stcb->sctp_socket != NULL) && \ 7680 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 7681 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 7682 atomic_subtract_int(&stcb->sctp_socket->so_snd.sb_cc, sp->length); 7683 } 7684 if (sp->data) { 7685 sctp_m_freem(sp->data); 7686 sp->data = NULL; 7687 sp->tail_mbuf = NULL; 7688 } 7689 sp->length = 0; 7690 sp->some_taken = 1; 7691 *locked = 1; 7692 *giveup = 1; 7693 to_move = 0; 7694 goto out_of; 7695 } 7696 } 7697 some_taken = sp->some_taken; 7698 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 7699 sp->msg_is_complete = 1; 7700 } 7701re_look: 7702 length = sp->length; 7703 if (sp->msg_is_complete) { 7704 /* The message is complete */ 7705 to_move = min(length, frag_point); 7706 if (to_move == length) { 7707 /* All of it fits in the MTU */ 7708 if (sp->some_taken) { 7709 rcv_flags |= SCTP_DATA_LAST_FRAG; 7710 sp->put_last_out = 1; 7711 } else { 7712 rcv_flags |= SCTP_DATA_NOT_FRAG; 7713 sp->put_last_out = 1; 7714 } 7715 } else { 7716 /* Not all of it fits, we fragment */ 7717 if (sp->some_taken == 0) { 7718 rcv_flags |= SCTP_DATA_FIRST_FRAG; 7719 } 7720 sp->some_taken = 1; 7721 } 7722 } else { 7723 to_move = sctp_can_we_split_this(stcb, length, goal_mtu, frag_point, eeor_mode); 7724 if (to_move) { 7725 /*- 7726 * We use a snapshot of length in case it 7727 * is expanding during the compare. 7728 */ 7729 uint32_t llen; 7730 7731 llen = length; 7732 if (to_move >= llen) { 7733 to_move = llen; 7734 if (send_lock_up == 0) { 7735 /*- 7736 * We are taking all of an incomplete msg 7737 * thus we need a send lock. 7738 */ 7739 SCTP_TCB_SEND_LOCK(stcb); 7740 send_lock_up = 1; 7741 if (sp->msg_is_complete) { 7742 /* the sender finished the msg */ 7743 goto re_look; 7744 } 7745 } 7746 } 7747 if (sp->some_taken == 0) { 7748 rcv_flags |= SCTP_DATA_FIRST_FRAG; 7749 sp->some_taken = 1; 7750 } 7751 } else { 7752 /* Nothing to take. */ 7753 if (sp->some_taken) { 7754 *locked = 1; 7755 } 7756 *giveup = 1; 7757 to_move = 0; 7758 goto out_of; 7759 } 7760 } 7761 7762 /* If we reach here, we can copy out a chunk */ 7763 sctp_alloc_a_chunk(stcb, chk); 7764 if (chk == NULL) { 7765 /* No chunk memory */ 7766 *giveup = 1; 7767 to_move = 0; 7768 goto out_of; 7769 } 7770 /* Setup for unordered if needed by looking 7771 * at the user sent info flags. 7772 */ 7773 if (sp->sinfo_flags & SCTP_UNORDERED) { 7774 rcv_flags |= SCTP_DATA_UNORDERED; 7775 } 7776 if ((SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) && ((sp->sinfo_flags & SCTP_EOF) == SCTP_EOF)) || 7777 ((sp->sinfo_flags & SCTP_SACK_IMMEDIATELY) == SCTP_SACK_IMMEDIATELY)) { 7778 rcv_flags |= SCTP_DATA_SACK_IMMEDIATELY; 7779 } 7780 /* clear out the chunk before setting up */ 7781 memset(chk, 0, sizeof(*chk)); 7782 chk->rec.data.rcv_flags = rcv_flags; 7783 7784 if (to_move >= length) { 7785 /* we think we can steal the whole thing */ 7786 if ((sp->sender_all_done == 0) && (send_lock_up == 0)) { 7787 SCTP_TCB_SEND_LOCK(stcb); 7788 send_lock_up = 1; 7789 } 7790 if (to_move < sp->length) { 7791 /* bail, it changed */ 7792 goto dont_do_it; 7793 } 7794 chk->data = sp->data; 7795 chk->last_mbuf = sp->tail_mbuf; 7796 /* register the stealing */ 7797 sp->data = sp->tail_mbuf = NULL; 7798 } else { 7799 struct mbuf *m; 7800 dont_do_it: 7801 chk->data = SCTP_M_COPYM(sp->data, 0, to_move, M_NOWAIT); 7802 chk->last_mbuf = NULL; 7803 if (chk->data == NULL) { 7804 sp->some_taken = some_taken; 7805 sctp_free_a_chunk(stcb, chk, so_locked); 7806 *bail = 1; 7807 to_move = 0; 7808 goto out_of; 7809 } 7810#ifdef SCTP_MBUF_LOGGING 7811 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 7812 struct mbuf *mat; 7813 7814 for (mat = chk->data; mat; mat = SCTP_BUF_NEXT(mat)) { 7815 if (SCTP_BUF_IS_EXTENDED(mat)) { 7816 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 7817 } 7818 } 7819 } 7820#endif 7821 /* Pull off the data */ 7822 m_adj(sp->data, to_move); 7823 /* Now lets work our way down and compact it */ 7824 m = sp->data; 7825 while (m && (SCTP_BUF_LEN(m) == 0)) { 7826 sp->data = SCTP_BUF_NEXT(m); 7827 SCTP_BUF_NEXT(m) = NULL; 7828 if (sp->tail_mbuf == m) { 7829 /*- 7830 * Freeing tail? TSNH since 7831 * we supposedly were taking less 7832 * than the sp->length. 7833 */ 7834#ifdef INVARIANTS 7835 panic("Huh, freing tail? - TSNH"); 7836#else 7837 SCTP_PRINTF("Huh, freeing tail? - TSNH\n"); 7838 sp->tail_mbuf = sp->data = NULL; 7839 sp->length = 0; 7840#endif 7841 7842 } 7843 sctp_m_free(m); 7844 m = sp->data; 7845 } 7846 } 7847 if (SCTP_BUF_IS_EXTENDED(chk->data)) { 7848 chk->copy_by_ref = 1; 7849 } else { 7850 chk->copy_by_ref = 0; 7851 } 7852 /* get last_mbuf and counts of mb useage 7853 * This is ugly but hopefully its only one mbuf. 7854 */ 7855 if (chk->last_mbuf == NULL) { 7856 chk->last_mbuf = chk->data; 7857 while (SCTP_BUF_NEXT(chk->last_mbuf) != NULL) { 7858 chk->last_mbuf = SCTP_BUF_NEXT(chk->last_mbuf); 7859 } 7860 } 7861 7862 if (to_move > length) { 7863 /*- This should not happen either 7864 * since we always lower to_move to the size 7865 * of sp->length if its larger. 7866 */ 7867#ifdef INVARIANTS 7868 panic("Huh, how can to_move be larger?"); 7869#else 7870 SCTP_PRINTF("Huh, how can to_move be larger?\n"); 7871 sp->length = 0; 7872#endif 7873 } else { 7874 atomic_subtract_int(&sp->length, to_move); 7875 } 7876 if (M_LEADINGSPACE(chk->data) < (int)sizeof(struct sctp_data_chunk)) { 7877 /* Not enough room for a chunk header, get some */ 7878 struct mbuf *m; 7879 m = sctp_get_mbuf_for_msg(1, 0, M_NOWAIT, 0, MT_DATA); 7880 if (m == NULL) { 7881 /* 7882 * we're in trouble here. _PREPEND below will free 7883 * all the data if there is no leading space, so we 7884 * must put the data back and restore. 7885 */ 7886 if (send_lock_up == 0) { 7887 SCTP_TCB_SEND_LOCK(stcb); 7888 send_lock_up = 1; 7889 } 7890 if (chk->data == NULL) { 7891 /* unsteal the data */ 7892 sp->data = chk->data; 7893 sp->tail_mbuf = chk->last_mbuf; 7894 } else { 7895 struct mbuf *m_tmp; 7896 /* reassemble the data */ 7897 m_tmp = sp->data; 7898 sp->data = chk->data; 7899 SCTP_BUF_NEXT(chk->last_mbuf) = m_tmp; 7900 } 7901 sp->some_taken = some_taken; 7902 atomic_add_int(&sp->length, to_move); 7903 chk->data = NULL; 7904 *bail = 1; 7905 sctp_free_a_chunk(stcb, chk, so_locked); 7906 to_move = 0; 7907 goto out_of; 7908 } else { 7909 SCTP_BUF_LEN(m) = 0; 7910 SCTP_BUF_NEXT(m) = chk->data; 7911 chk->data = m; 7912 M_ALIGN(chk->data, 4); 7913 } 7914 } 7915 SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_NOWAIT); 7916 if (chk->data == NULL) { 7917 /* HELP, TSNH since we assured it would not above? */ 7918#ifdef INVARIANTS 7919 panic("prepend failes HELP?"); 7920#else 7921 SCTP_PRINTF("prepend fails HELP?\n"); 7922 sctp_free_a_chunk(stcb, chk, so_locked); 7923#endif 7924 *bail = 1; 7925 to_move = 0; 7926 goto out_of; 7927 } 7928 sctp_snd_sb_alloc(stcb, sizeof(struct sctp_data_chunk)); 7929 chk->book_size = chk->send_size = (to_move + sizeof(struct sctp_data_chunk)); 7930 chk->book_size_scale = 0; 7931 chk->sent = SCTP_DATAGRAM_UNSENT; 7932 7933 chk->flags = 0; 7934 chk->asoc = &stcb->asoc; 7935 chk->pad_inplace = 0; 7936 chk->no_fr_allowed = 0; 7937 chk->rec.data.stream_seq = strq->next_sequence_send; 7938 if ((rcv_flags & SCTP_DATA_LAST_FRAG) && 7939 !(rcv_flags & SCTP_DATA_UNORDERED)) { 7940 strq->next_sequence_send++; 7941 } 7942 chk->rec.data.stream_number = sp->stream; 7943 chk->rec.data.payloadtype = sp->ppid; 7944 chk->rec.data.context = sp->context; 7945 chk->rec.data.doing_fast_retransmit = 0; 7946 7947 chk->rec.data.timetodrop = sp->ts; 7948 chk->flags = sp->act_flags; 7949 7950 if (sp->net) { 7951 chk->whoTo = sp->net; 7952 atomic_add_int(&chk->whoTo->ref_count, 1); 7953 } else 7954 chk->whoTo = NULL; 7955 7956 if (sp->holds_key_ref) { 7957 chk->auth_keyid = sp->auth_keyid; 7958 sctp_auth_key_acquire(stcb, chk->auth_keyid); 7959 chk->holds_key_ref = 1; 7960 } 7961#if defined(__FreeBSD__) || defined(__Panda__) 7962 chk->rec.data.TSN_seq = atomic_fetchadd_int(&asoc->sending_seq, 1); 7963#else 7964 chk->rec.data.TSN_seq = asoc->sending_seq++; 7965#endif 7966 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_OUTQ) { 7967 sctp_misc_ints(SCTP_STRMOUT_LOG_SEND, 7968 (uintptr_t)stcb, sp->length, 7969 (uint32_t)((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq), 7970 chk->rec.data.TSN_seq); 7971 } 7972 dchkh = mtod(chk->data, struct sctp_data_chunk *); 7973 /* 7974 * Put the rest of the things in place now. Size was done 7975 * earlier in previous loop prior to padding. 7976 */ 7977 7978#ifdef SCTP_ASOCLOG_OF_TSNS 7979 SCTP_TCB_LOCK_ASSERT(stcb); 7980 if (asoc->tsn_out_at >= SCTP_TSN_LOG_SIZE) { 7981 asoc->tsn_out_at = 0; 7982 asoc->tsn_out_wrapped = 1; 7983 } 7984 asoc->out_tsnlog[asoc->tsn_out_at].tsn = chk->rec.data.TSN_seq; 7985 asoc->out_tsnlog[asoc->tsn_out_at].strm = chk->rec.data.stream_number; 7986 asoc->out_tsnlog[asoc->tsn_out_at].seq = chk->rec.data.stream_seq; 7987 asoc->out_tsnlog[asoc->tsn_out_at].sz = chk->send_size; 7988 asoc->out_tsnlog[asoc->tsn_out_at].flgs = chk->rec.data.rcv_flags; 7989 asoc->out_tsnlog[asoc->tsn_out_at].stcb = (void *)stcb; 7990 asoc->out_tsnlog[asoc->tsn_out_at].in_pos = asoc->tsn_out_at; 7991 asoc->out_tsnlog[asoc->tsn_out_at].in_out = 2; 7992 asoc->tsn_out_at++; 7993#endif 7994 7995 dchkh->ch.chunk_type = SCTP_DATA; 7996 dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; 7997 dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); 7998 dchkh->dp.stream_id = htons(strq->stream_no); 7999 dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); 8000 dchkh->dp.protocol_id = chk->rec.data.payloadtype; 8001 dchkh->ch.chunk_length = htons(chk->send_size); 8002 /* Now advance the chk->send_size by the actual pad needed. */ 8003 if (chk->send_size < SCTP_SIZE32(chk->book_size)) { 8004 /* need a pad */ 8005 struct mbuf *lm; 8006 int pads; 8007 8008 pads = SCTP_SIZE32(chk->book_size) - chk->send_size; 8009 lm = sctp_pad_lastmbuf(chk->data, pads, chk->last_mbuf); 8010 if (lm != NULL) { 8011 chk->last_mbuf = lm; 8012 chk->pad_inplace = 1; 8013 } 8014 chk->send_size += pads; 8015 } 8016 if (PR_SCTP_ENABLED(chk->flags)) { 8017 asoc->pr_sctp_cnt++; 8018 } 8019 if (sp->msg_is_complete && (sp->length == 0) && (sp->sender_all_done)) { 8020 /* All done pull and kill the message */ 8021 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 8022 if (sp->put_last_out == 0) { 8023 SCTP_PRINTF("Gak, put out entire msg with NO end!-2\n"); 8024 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d send_lock:%d\n", 8025 sp->sender_all_done, 8026 sp->length, 8027 sp->msg_is_complete, 8028 sp->put_last_out, 8029 send_lock_up); 8030 } 8031 if ((send_lock_up == 0) && (TAILQ_NEXT(sp, next) == NULL)) { 8032 SCTP_TCB_SEND_LOCK(stcb); 8033 send_lock_up = 1; 8034 } 8035 TAILQ_REMOVE(&strq->outqueue, sp, next); 8036 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp, send_lock_up); 8037 if (sp->net) { 8038 sctp_free_remote_addr(sp->net); 8039 sp->net = NULL; 8040 } 8041 if (sp->data) { 8042 sctp_m_freem(sp->data); 8043 sp->data = NULL; 8044 } 8045 sctp_free_a_strmoq(stcb, sp, so_locked); 8046 8047 /* we can't be locked to it */ 8048 *locked = 0; 8049 stcb->asoc.locked_on_sending = NULL; 8050 } else { 8051 /* more to go, we are locked */ 8052 *locked = 1; 8053 } 8054 asoc->chunks_on_out_queue++; 8055 strq->chunks_on_queues++; 8056 TAILQ_INSERT_TAIL(&asoc->send_queue, chk, sctp_next); 8057 asoc->send_queue_cnt++; 8058out_of: 8059 if (send_lock_up) { 8060 SCTP_TCB_SEND_UNLOCK(stcb); 8061 } 8062 return (to_move); 8063} 8064 8065 8066static void 8067sctp_fill_outqueue(struct sctp_tcb *stcb, 8068 struct sctp_nets *net, int frag_point, int eeor_mode, int *quit_now, int so_locked 8069#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 8070 SCTP_UNUSED 8071#endif 8072) 8073{ 8074 struct sctp_association *asoc; 8075 struct sctp_stream_out *strq; 8076 int goal_mtu, moved_how_much, total_moved = 0, bail = 0; 8077 int locked, giveup; 8078 8079 SCTP_TCB_LOCK_ASSERT(stcb); 8080 asoc = &stcb->asoc; 8081 switch (net->ro._l_addr.sa.sa_family) { 8082#ifdef INET 8083 case AF_INET: 8084 goal_mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8085 break; 8086#endif 8087#ifdef INET6 8088 case AF_INET6: 8089 goal_mtu = net->mtu - SCTP_MIN_OVERHEAD; 8090 break; 8091#endif 8092#if defined(__Userspace__) 8093 case AF_CONN: 8094 goal_mtu = net->mtu - sizeof(struct sctphdr); 8095 break; 8096#endif 8097 default: 8098 /* TSNH */ 8099 goal_mtu = net->mtu; 8100 break; 8101 } 8102 /* Need an allowance for the data chunk header too */ 8103 goal_mtu -= sizeof(struct sctp_data_chunk); 8104 8105 /* must make even word boundary */ 8106 goal_mtu &= 0xfffffffc; 8107 if (asoc->locked_on_sending) { 8108 /* We are stuck on one stream until the message completes. */ 8109 strq = asoc->locked_on_sending; 8110 locked = 1; 8111 } else { 8112 strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); 8113 locked = 0; 8114 } 8115 while ((goal_mtu > 0) && strq) { 8116 giveup = 0; 8117 bail = 0; 8118 moved_how_much = sctp_move_to_outqueue(stcb, strq, goal_mtu, frag_point, &locked, 8119 &giveup, eeor_mode, &bail, so_locked); 8120 if (moved_how_much) 8121 stcb->asoc.ss_functions.sctp_ss_scheduled(stcb, net, asoc, strq, moved_how_much); 8122 8123 if (locked) { 8124 asoc->locked_on_sending = strq; 8125 if ((moved_how_much == 0) || (giveup) || bail) 8126 /* no more to move for now */ 8127 break; 8128 } else { 8129 asoc->locked_on_sending = NULL; 8130 if ((giveup) || bail) { 8131 break; 8132 } 8133 strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); 8134 if (strq == NULL) { 8135 break; 8136 } 8137 } 8138 total_moved += moved_how_much; 8139 goal_mtu -= (moved_how_much + sizeof(struct sctp_data_chunk)); 8140 goal_mtu &= 0xfffffffc; 8141 } 8142 if (bail) 8143 *quit_now = 1; 8144 8145 stcb->asoc.ss_functions.sctp_ss_packet_done(stcb, net, asoc); 8146 8147 if (total_moved == 0) { 8148 if ((stcb->asoc.sctp_cmt_on_off == 0) && 8149 (net == stcb->asoc.primary_destination)) { 8150 /* ran dry for primary network net */ 8151 SCTP_STAT_INCR(sctps_primary_randry); 8152 } else if (stcb->asoc.sctp_cmt_on_off > 0) { 8153 /* ran dry with CMT on */ 8154 SCTP_STAT_INCR(sctps_cmt_randry); 8155 } 8156 } 8157} 8158 8159void 8160sctp_fix_ecn_echo(struct sctp_association *asoc) 8161{ 8162 struct sctp_tmit_chunk *chk; 8163 8164 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8165 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 8166 chk->sent = SCTP_DATAGRAM_UNSENT; 8167 } 8168 } 8169} 8170 8171void 8172sctp_move_chunks_from_net(struct sctp_tcb *stcb, struct sctp_nets *net) 8173{ 8174 struct sctp_association *asoc; 8175 struct sctp_tmit_chunk *chk; 8176 struct sctp_stream_queue_pending *sp; 8177 unsigned int i; 8178 8179 if (net == NULL) { 8180 return; 8181 } 8182 asoc = &stcb->asoc; 8183 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 8184 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) { 8185 if (sp->net == net) { 8186 sctp_free_remote_addr(sp->net); 8187 sp->net = NULL; 8188 } 8189 } 8190 } 8191 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 8192 if (chk->whoTo == net) { 8193 sctp_free_remote_addr(chk->whoTo); 8194 chk->whoTo = NULL; 8195 } 8196 } 8197} 8198 8199int 8200sctp_med_chunk_output(struct sctp_inpcb *inp, 8201 struct sctp_tcb *stcb, 8202 struct sctp_association *asoc, 8203 int *num_out, 8204 int *reason_code, 8205 int control_only, int from_where, 8206 struct timeval *now, int *now_filled, int frag_point, int so_locked 8207#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 8208 SCTP_UNUSED 8209#endif 8210 ) 8211{ 8212 /** 8213 * Ok this is the generic chunk service queue. we must do the 8214 * following: - Service the stream queue that is next, moving any 8215 * message (note I must get a complete message i.e. FIRST/MIDDLE and 8216 * LAST to the out queue in one pass) and assigning TSN's - Check to 8217 * see if the cwnd/rwnd allows any output, if so we go ahead and 8218 * fomulate and send the low level chunks. Making sure to combine 8219 * any control in the control chunk queue also. 8220 */ 8221 struct sctp_nets *net, *start_at, *sack_goes_to = NULL, *old_start_at = NULL; 8222 struct mbuf *outchain, *endoutchain; 8223 struct sctp_tmit_chunk *chk, *nchk; 8224 8225 /* temp arrays for unlinking */ 8226 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 8227 int no_fragmentflg, error; 8228 unsigned int max_rwnd_per_dest, max_send_per_dest; 8229 int one_chunk, hbflag, skip_data_for_this_net; 8230 int asconf, cookie, no_out_cnt; 8231 int bundle_at, ctl_cnt, no_data_chunks, eeor_mode; 8232 unsigned int mtu, r_mtu, omtu, mx_mtu, to_out; 8233 int tsns_sent = 0; 8234 uint32_t auth_offset = 0; 8235 struct sctp_auth_chunk *auth = NULL; 8236 uint16_t auth_keyid; 8237 int override_ok = 1; 8238 int skip_fill_up = 0; 8239 int data_auth_reqd = 0; 8240 /* JRS 5/14/07 - Add flag for whether a heartbeat is sent to 8241 the destination. */ 8242 int quit_now = 0; 8243 8244#if defined(__APPLE__) 8245 if (so_locked) { 8246 sctp_lock_assert(SCTP_INP_SO(inp)); 8247 } else { 8248 sctp_unlock_assert(SCTP_INP_SO(inp)); 8249 } 8250#endif 8251 *num_out = 0; 8252 auth_keyid = stcb->asoc.authinfo.active_keyid; 8253 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) || 8254 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED) || 8255 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) { 8256 eeor_mode = 1; 8257 } else { 8258 eeor_mode = 0; 8259 } 8260 ctl_cnt = no_out_cnt = asconf = cookie = 0; 8261 /* 8262 * First lets prime the pump. For each destination, if there is room 8263 * in the flight size, attempt to pull an MTU's worth out of the 8264 * stream queues into the general send_queue 8265 */ 8266#ifdef SCTP_AUDITING_ENABLED 8267 sctp_audit_log(0xC2, 2); 8268#endif 8269 SCTP_TCB_LOCK_ASSERT(stcb); 8270 hbflag = 0; 8271 if ((control_only) || (asoc->stream_reset_outstanding)) 8272 no_data_chunks = 1; 8273 else 8274 no_data_chunks = 0; 8275 8276 /* Nothing to possible to send? */ 8277 if ((TAILQ_EMPTY(&asoc->control_send_queue) || 8278 (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) && 8279 TAILQ_EMPTY(&asoc->asconf_send_queue) && 8280 TAILQ_EMPTY(&asoc->send_queue) && 8281 stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { 8282 nothing_to_send: 8283 *reason_code = 9; 8284 return (0); 8285 } 8286 if (asoc->peers_rwnd == 0) { 8287 /* No room in peers rwnd */ 8288 *reason_code = 1; 8289 if (asoc->total_flight > 0) { 8290 /* we are allowed one chunk in flight */ 8291 no_data_chunks = 1; 8292 } 8293 } 8294 if (stcb->asoc.ecn_echo_cnt_onq) { 8295 /* Record where a sack goes, if any */ 8296 if (no_data_chunks && 8297 (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) { 8298 /* Nothing but ECNe to send - we don't do that */ 8299 goto nothing_to_send; 8300 } 8301 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8302 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 8303 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) { 8304 sack_goes_to = chk->whoTo; 8305 break; 8306 } 8307 } 8308 } 8309 max_rwnd_per_dest = ((asoc->peers_rwnd + asoc->total_flight) / asoc->numnets); 8310 if (stcb->sctp_socket) 8311 max_send_per_dest = SCTP_SB_LIMIT_SND(stcb->sctp_socket) / asoc->numnets; 8312 else 8313 max_send_per_dest = 0; 8314 if (no_data_chunks == 0) { 8315 /* How many non-directed chunks are there? */ 8316 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 8317 if (chk->whoTo == NULL) { 8318 /* We already have non-directed 8319 * chunks on the queue, no need 8320 * to do a fill-up. 8321 */ 8322 skip_fill_up = 1; 8323 break; 8324 } 8325 } 8326 8327 } 8328 if ((no_data_chunks == 0) && 8329 (skip_fill_up == 0) && 8330 (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc))) { 8331 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 8332 /* 8333 * This for loop we are in takes in 8334 * each net, if its's got space in cwnd and 8335 * has data sent to it (when CMT is off) then it 8336 * calls sctp_fill_outqueue for the net. This gets 8337 * data on the send queue for that network. 8338 * 8339 * In sctp_fill_outqueue TSN's are assigned and 8340 * data is copied out of the stream buffers. Note 8341 * mostly copy by reference (we hope). 8342 */ 8343 net->window_probe = 0; 8344 if ((net != stcb->asoc.alternate) && 8345 ((net->dest_state & SCTP_ADDR_PF) || 8346 (!(net->dest_state & SCTP_ADDR_REACHABLE)) || 8347 (net->dest_state & SCTP_ADDR_UNCONFIRMED))) { 8348 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8349 sctp_log_cwnd(stcb, net, 1, 8350 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 8351 } 8352 continue; 8353 } 8354 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) && 8355 (net->flight_size == 0)) { 8356 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins)(stcb, net); 8357 } 8358 if (net->flight_size >= net->cwnd) { 8359 /* skip this network, no room - can't fill */ 8360 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8361 sctp_log_cwnd(stcb, net, 3, 8362 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 8363 } 8364 continue; 8365 } 8366 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8367 sctp_log_cwnd(stcb, net, 4, SCTP_CWND_LOG_FILL_OUTQ_CALLED); 8368 } 8369 sctp_fill_outqueue(stcb, net, frag_point, eeor_mode, &quit_now, so_locked); 8370 if (quit_now) { 8371 /* memory alloc failure */ 8372 no_data_chunks = 1; 8373 break; 8374 } 8375 } 8376 } 8377 /* now service each destination and send out what we can for it */ 8378 /* Nothing to send? */ 8379 if (TAILQ_EMPTY(&asoc->control_send_queue) && 8380 TAILQ_EMPTY(&asoc->asconf_send_queue) && 8381 TAILQ_EMPTY(&asoc->send_queue)) { 8382 *reason_code = 8; 8383 return (0); 8384 } 8385 8386 if (asoc->sctp_cmt_on_off > 0) { 8387 /* get the last start point */ 8388 start_at = asoc->last_net_cmt_send_started; 8389 if (start_at == NULL) { 8390 /* null so to beginning */ 8391 start_at = TAILQ_FIRST(&asoc->nets); 8392 } else { 8393 start_at = TAILQ_NEXT(asoc->last_net_cmt_send_started, sctp_next); 8394 if (start_at == NULL) { 8395 start_at = TAILQ_FIRST(&asoc->nets); 8396 } 8397 } 8398 asoc->last_net_cmt_send_started = start_at; 8399 } else { 8400 start_at = TAILQ_FIRST(&asoc->nets); 8401 } 8402 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8403 if (chk->whoTo == NULL) { 8404 if (asoc->alternate) { 8405 chk->whoTo = asoc->alternate; 8406 } else { 8407 chk->whoTo = asoc->primary_destination; 8408 } 8409 atomic_add_int(&chk->whoTo->ref_count, 1); 8410 } 8411 } 8412 old_start_at = NULL; 8413again_one_more_time: 8414 for (net = start_at ; net != NULL; net = TAILQ_NEXT(net, sctp_next)) { 8415 /* how much can we send? */ 8416 /* SCTPDBG("Examine for sending net:%x\n", (uint32_t)net); */ 8417 if (old_start_at && (old_start_at == net)) { 8418 /* through list ocmpletely. */ 8419 break; 8420 } 8421 tsns_sent = 0xa; 8422 if (TAILQ_EMPTY(&asoc->control_send_queue) && 8423 TAILQ_EMPTY(&asoc->asconf_send_queue) && 8424 (net->flight_size >= net->cwnd)) { 8425 /* Nothing on control or asconf and flight is full, we can skip 8426 * even in the CMT case. 8427 */ 8428 continue; 8429 } 8430 bundle_at = 0; 8431 endoutchain = outchain = NULL; 8432 no_fragmentflg = 1; 8433 one_chunk = 0; 8434 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 8435 skip_data_for_this_net = 1; 8436 } else { 8437 skip_data_for_this_net = 0; 8438 } 8439#if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__) || defined(__APPLE__)) 8440 if ((net->ro.ro_rt) && (net->ro.ro_rt->rt_ifp)) { 8441 /* 8442 * if we have a route and an ifp check to see if we 8443 * have room to send to this guy 8444 */ 8445 struct ifnet *ifp; 8446 8447 ifp = net->ro.ro_rt->rt_ifp; 8448 if ((ifp->if_snd.ifq_len + 2) >= ifp->if_snd.ifq_maxlen) { 8449 SCTP_STAT_INCR(sctps_ifnomemqueued); 8450 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 8451 sctp_log_maxburst(stcb, net, ifp->if_snd.ifq_len, ifp->if_snd.ifq_maxlen, SCTP_MAX_IFP_APPLIED); 8452 } 8453 continue; 8454 } 8455 } 8456#endif 8457 switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) { 8458#ifdef INET 8459 case AF_INET: 8460 mtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 8461 break; 8462#endif 8463#ifdef INET6 8464 case AF_INET6: 8465 mtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 8466 break; 8467#endif 8468#if defined(__Userspace__) 8469 case AF_CONN: 8470 mtu = net->mtu - sizeof(struct sctphdr); 8471 break; 8472#endif 8473 default: 8474 /* TSNH */ 8475 mtu = net->mtu; 8476 break; 8477 } 8478 mx_mtu = mtu; 8479 to_out = 0; 8480 if (mtu > asoc->peers_rwnd) { 8481 if (asoc->total_flight > 0) { 8482 /* We have a packet in flight somewhere */ 8483 r_mtu = asoc->peers_rwnd; 8484 } else { 8485 /* We are always allowed to send one MTU out */ 8486 one_chunk = 1; 8487 r_mtu = mtu; 8488 } 8489 } else { 8490 r_mtu = mtu; 8491 } 8492 /************************/ 8493 /* ASCONF transmission */ 8494 /************************/ 8495 /* Now first lets go through the asconf queue */ 8496 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 8497 if (chk->rec.chunk_id.id != SCTP_ASCONF) { 8498 continue; 8499 } 8500 if (chk->whoTo == NULL) { 8501 if (asoc->alternate == NULL) { 8502 if (asoc->primary_destination != net) { 8503 break; 8504 } 8505 } else { 8506 if (asoc->alternate != net) { 8507 break; 8508 } 8509 } 8510 } else { 8511 if (chk->whoTo != net) { 8512 break; 8513 } 8514 } 8515 if (chk->data == NULL) { 8516 break; 8517 } 8518 if (chk->sent != SCTP_DATAGRAM_UNSENT && 8519 chk->sent != SCTP_DATAGRAM_RESEND) { 8520 break; 8521 } 8522 /* 8523 * if no AUTH is yet included and this chunk 8524 * requires it, make sure to account for it. We 8525 * don't apply the size until the AUTH chunk is 8526 * actually added below in case there is no room for 8527 * this chunk. NOTE: we overload the use of "omtu" 8528 * here 8529 */ 8530 if ((auth == NULL) && 8531 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8532 stcb->asoc.peer_auth_chunks)) { 8533 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8534 } else 8535 omtu = 0; 8536 /* Here we do NOT factor the r_mtu */ 8537 if ((chk->send_size < (int)(mtu - omtu)) || 8538 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 8539 /* 8540 * We probably should glom the mbuf chain 8541 * from the chk->data for control but the 8542 * problem is it becomes yet one more level 8543 * of tracking to do if for some reason 8544 * output fails. Then I have got to 8545 * reconstruct the merged control chain.. el 8546 * yucko.. for now we take the easy way and 8547 * do the copy 8548 */ 8549 /* 8550 * Add an AUTH chunk, if chunk requires it 8551 * save the offset into the chain for AUTH 8552 */ 8553 if ((auth == NULL) && 8554 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8555 stcb->asoc.peer_auth_chunks))) { 8556 outchain = sctp_add_auth_chunk(outchain, 8557 &endoutchain, 8558 &auth, 8559 &auth_offset, 8560 stcb, 8561 chk->rec.chunk_id.id); 8562 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8563 } 8564 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 8565 (int)chk->rec.chunk_id.can_take_data, 8566 chk->send_size, chk->copy_by_ref); 8567 if (outchain == NULL) { 8568 *reason_code = 8; 8569 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 8570 return (ENOMEM); 8571 } 8572 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8573 /* update our MTU size */ 8574 if (mtu > (chk->send_size + omtu)) 8575 mtu -= (chk->send_size + omtu); 8576 else 8577 mtu = 0; 8578 to_out += (chk->send_size + omtu); 8579 /* Do clear IP_DF ? */ 8580 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8581 no_fragmentflg = 0; 8582 } 8583 if (chk->rec.chunk_id.can_take_data) 8584 chk->data = NULL; 8585 /* 8586 * set hb flag since we can 8587 * use these for RTO 8588 */ 8589 hbflag = 1; 8590 asconf = 1; 8591 /* 8592 * should sysctl this: don't 8593 * bundle data with ASCONF 8594 * since it requires AUTH 8595 */ 8596 no_data_chunks = 1; 8597 chk->sent = SCTP_DATAGRAM_SENT; 8598 if (chk->whoTo == NULL) { 8599 chk->whoTo = net; 8600 atomic_add_int(&net->ref_count, 1); 8601 } 8602 chk->snd_count++; 8603 if (mtu == 0) { 8604 /* 8605 * Ok we are out of room but we can 8606 * output without effecting the 8607 * flight size since this little guy 8608 * is a control only packet. 8609 */ 8610 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 8611 /* 8612 * do NOT clear the asconf 8613 * flag as it is used to do 8614 * appropriate source address 8615 * selection. 8616 */ 8617 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 8618 (struct sockaddr *)&net->ro._l_addr, 8619 outchain, auth_offset, auth, 8620 stcb->asoc.authinfo.active_keyid, 8621 no_fragmentflg, 0, asconf, 8622 inp->sctp_lport, stcb->rport, 8623 htonl(stcb->asoc.peer_vtag), 8624 net->port, NULL, 8625#if defined(__FreeBSD__) 8626 0, 0, 8627#endif 8628 so_locked))) { 8629 if (error == ENOBUFS) { 8630 asoc->ifp_had_enobuf = 1; 8631 SCTP_STAT_INCR(sctps_lowlevelerr); 8632 } 8633 if (from_where == 0) { 8634 SCTP_STAT_INCR(sctps_lowlevelerrusr); 8635 } 8636 if (*now_filled == 0) { 8637 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 8638 *now_filled = 1; 8639 *now = net->last_sent_time; 8640 } else { 8641 net->last_sent_time = *now; 8642 } 8643 hbflag = 0; 8644 /* error, could not output */ 8645 if (error == EHOSTUNREACH) { 8646 /* 8647 * Destination went 8648 * unreachable 8649 * during this send 8650 */ 8651 sctp_move_chunks_from_net(stcb, net); 8652 } 8653 *reason_code = 7; 8654 continue; 8655 } else 8656 asoc->ifp_had_enobuf = 0; 8657 if (*now_filled == 0) { 8658 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 8659 *now_filled = 1; 8660 *now = net->last_sent_time; 8661 } else { 8662 net->last_sent_time = *now; 8663 } 8664 hbflag = 0; 8665 /* 8666 * increase the number we sent, if a 8667 * cookie is sent we don't tell them 8668 * any was sent out. 8669 */ 8670 outchain = endoutchain = NULL; 8671 auth = NULL; 8672 auth_offset = 0; 8673 if (!no_out_cnt) 8674 *num_out += ctl_cnt; 8675 /* recalc a clean slate and setup */ 8676 switch (net->ro._l_addr.sa.sa_family) { 8677#ifdef INET 8678 case AF_INET: 8679 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8680 break; 8681#endif 8682#ifdef INET6 8683 case AF_INET6: 8684 mtu = net->mtu - SCTP_MIN_OVERHEAD; 8685 break; 8686#endif 8687#if defined(__Userspace__) 8688 case AF_CONN: 8689 mtu = net->mtu - sizeof(struct sctphdr); 8690 break; 8691#endif 8692 default: 8693 /* TSNH */ 8694 mtu = net->mtu; 8695 break; 8696 } 8697 to_out = 0; 8698 no_fragmentflg = 1; 8699 } 8700 } 8701 } 8702 /************************/ 8703 /* Control transmission */ 8704 /************************/ 8705 /* Now first lets go through the control queue */ 8706 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 8707 if ((sack_goes_to) && 8708 (chk->rec.chunk_id.id == SCTP_ECN_ECHO) && 8709 (chk->whoTo != sack_goes_to)) { 8710 /* 8711 * if we have a sack in queue, and we are looking at an 8712 * ecn echo that is NOT queued to where the sack is going.. 8713 */ 8714 if (chk->whoTo == net) { 8715 /* Don't transmit it to where its going (current net) */ 8716 continue; 8717 } else if (sack_goes_to == net) { 8718 /* But do transmit it to this address */ 8719 goto skip_net_check; 8720 } 8721 } 8722 if (chk->whoTo == NULL) { 8723 if (asoc->alternate == NULL) { 8724 if (asoc->primary_destination != net) { 8725 continue; 8726 } 8727 } else { 8728 if (asoc->alternate != net) { 8729 continue; 8730 } 8731 } 8732 } else { 8733 if (chk->whoTo != net) { 8734 continue; 8735 } 8736 } 8737 skip_net_check: 8738 if (chk->data == NULL) { 8739 continue; 8740 } 8741 if (chk->sent != SCTP_DATAGRAM_UNSENT) { 8742 /* 8743 * It must be unsent. Cookies and ASCONF's 8744 * hang around but there timers will force 8745 * when marked for resend. 8746 */ 8747 continue; 8748 } 8749 /* 8750 * if no AUTH is yet included and this chunk 8751 * requires it, make sure to account for it. We 8752 * don't apply the size until the AUTH chunk is 8753 * actually added below in case there is no room for 8754 * this chunk. NOTE: we overload the use of "omtu" 8755 * here 8756 */ 8757 if ((auth == NULL) && 8758 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8759 stcb->asoc.peer_auth_chunks)) { 8760 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8761 } else 8762 omtu = 0; 8763 /* Here we do NOT factor the r_mtu */ 8764 if ((chk->send_size <= (int)(mtu - omtu)) || 8765 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 8766 /* 8767 * We probably should glom the mbuf chain 8768 * from the chk->data for control but the 8769 * problem is it becomes yet one more level 8770 * of tracking to do if for some reason 8771 * output fails. Then I have got to 8772 * reconstruct the merged control chain.. el 8773 * yucko.. for now we take the easy way and 8774 * do the copy 8775 */ 8776 /* 8777 * Add an AUTH chunk, if chunk requires it 8778 * save the offset into the chain for AUTH 8779 */ 8780 if ((auth == NULL) && 8781 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8782 stcb->asoc.peer_auth_chunks))) { 8783 outchain = sctp_add_auth_chunk(outchain, 8784 &endoutchain, 8785 &auth, 8786 &auth_offset, 8787 stcb, 8788 chk->rec.chunk_id.id); 8789 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8790 } 8791 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 8792 (int)chk->rec.chunk_id.can_take_data, 8793 chk->send_size, chk->copy_by_ref); 8794 if (outchain == NULL) { 8795 *reason_code = 8; 8796 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 8797 return (ENOMEM); 8798 } 8799 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8800 /* update our MTU size */ 8801 if (mtu > (chk->send_size + omtu)) 8802 mtu -= (chk->send_size + omtu); 8803 else 8804 mtu = 0; 8805 to_out += (chk->send_size + omtu); 8806 /* Do clear IP_DF ? */ 8807 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8808 no_fragmentflg = 0; 8809 } 8810 if (chk->rec.chunk_id.can_take_data) 8811 chk->data = NULL; 8812 /* Mark things to be removed, if needed */ 8813 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 8814 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 8815 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 8816 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 8817 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 8818 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 8819 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 8820 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 8821 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 8822 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 8823 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 8824 if (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) { 8825 hbflag = 1; 8826 } 8827 /* remove these chunks at the end */ 8828 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 8829 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) { 8830 /* turn off the timer */ 8831 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 8832 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 8833 inp, stcb, net, SCTP_FROM_SCTP_OUTPUT+SCTP_LOC_1); 8834 } 8835 } 8836 ctl_cnt++; 8837 } else { 8838 /* 8839 * Other chunks, since they have 8840 * timers running (i.e. COOKIE) 8841 * we just "trust" that it 8842 * gets sent or retransmitted. 8843 */ 8844 ctl_cnt++; 8845 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 8846 cookie = 1; 8847 no_out_cnt = 1; 8848 } else if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 8849 /* 8850 * Increment ecne send count here 8851 * this means we may be over-zealous in 8852 * our counting if the send fails, but its 8853 * the best place to do it (we used to do 8854 * it in the queue of the chunk, but that did 8855 * not tell how many times it was sent. 8856 */ 8857 SCTP_STAT_INCR(sctps_sendecne); 8858 } 8859 chk->sent = SCTP_DATAGRAM_SENT; 8860 if (chk->whoTo == NULL) { 8861 chk->whoTo = net; 8862 atomic_add_int(&net->ref_count, 1); 8863 } 8864 chk->snd_count++; 8865 } 8866 if (mtu == 0) { 8867 /* 8868 * Ok we are out of room but we can 8869 * output without effecting the 8870 * flight size since this little guy 8871 * is a control only packet. 8872 */ 8873 if (asconf) { 8874 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 8875 /* 8876 * do NOT clear the asconf 8877 * flag as it is used to do 8878 * appropriate source address 8879 * selection. 8880 */ 8881 } 8882 if (cookie) { 8883 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 8884 cookie = 0; 8885 } 8886 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 8887 (struct sockaddr *)&net->ro._l_addr, 8888 outchain, 8889 auth_offset, auth, 8890 stcb->asoc.authinfo.active_keyid, 8891 no_fragmentflg, 0, asconf, 8892 inp->sctp_lport, stcb->rport, 8893 htonl(stcb->asoc.peer_vtag), 8894 net->port, NULL, 8895#if defined(__FreeBSD__) 8896 0, 0, 8897#endif 8898 so_locked))) { 8899 if (error == ENOBUFS) { 8900 asoc->ifp_had_enobuf = 1; 8901 SCTP_STAT_INCR(sctps_lowlevelerr); 8902 } 8903 if (from_where == 0) { 8904 SCTP_STAT_INCR(sctps_lowlevelerrusr); 8905 } 8906 /* error, could not output */ 8907 if (hbflag) { 8908 if (*now_filled == 0) { 8909 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 8910 *now_filled = 1; 8911 *now = net->last_sent_time; 8912 } else { 8913 net->last_sent_time = *now; 8914 } 8915 hbflag = 0; 8916 } 8917 if (error == EHOSTUNREACH) { 8918 /* 8919 * Destination went 8920 * unreachable 8921 * during this send 8922 */ 8923 sctp_move_chunks_from_net(stcb, net); 8924 } 8925 *reason_code = 7; 8926 continue; 8927 } else 8928 asoc->ifp_had_enobuf = 0; 8929 /* Only HB or ASCONF advances time */ 8930 if (hbflag) { 8931 if (*now_filled == 0) { 8932 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 8933 *now_filled = 1; 8934 *now = net->last_sent_time; 8935 } else { 8936 net->last_sent_time = *now; 8937 } 8938 hbflag = 0; 8939 } 8940 /* 8941 * increase the number we sent, if a 8942 * cookie is sent we don't tell them 8943 * any was sent out. 8944 */ 8945 outchain = endoutchain = NULL; 8946 auth = NULL; 8947 auth_offset = 0; 8948 if (!no_out_cnt) 8949 *num_out += ctl_cnt; 8950 /* recalc a clean slate and setup */ 8951 switch (net->ro._l_addr.sa.sa_family) { 8952#ifdef INET 8953 case AF_INET: 8954 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8955 break; 8956#endif 8957#ifdef INET6 8958 case AF_INET6: 8959 mtu = net->mtu - SCTP_MIN_OVERHEAD; 8960 break; 8961#endif 8962#if defined(__Userspace__) 8963 case AF_CONN: 8964 mtu = net->mtu - sizeof(struct sctphdr); 8965 break; 8966#endif 8967 default: 8968 /* TSNH */ 8969 mtu = net->mtu; 8970 break; 8971 } 8972 to_out = 0; 8973 no_fragmentflg = 1; 8974 } 8975 } 8976 } 8977 /* JRI: if dest is in PF state, do not send data to it */ 8978 if ((asoc->sctp_cmt_on_off > 0) && 8979 (net != stcb->asoc.alternate) && 8980 (net->dest_state & SCTP_ADDR_PF)) { 8981 goto no_data_fill; 8982 } 8983 if (net->flight_size >= net->cwnd) { 8984 goto no_data_fill; 8985 } 8986 if ((asoc->sctp_cmt_on_off > 0) && 8987 (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_RECV_BUFFER_SPLITTING) && 8988 (net->flight_size > max_rwnd_per_dest)) { 8989 goto no_data_fill; 8990 } 8991 /* 8992 * We need a specific accounting for the usage of the 8993 * send buffer. We also need to check the number of messages 8994 * per net. For now, this is better than nothing and it 8995 * disabled by default... 8996 */ 8997 if ((asoc->sctp_cmt_on_off > 0) && 8998 (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_SEND_BUFFER_SPLITTING) && 8999 (max_send_per_dest > 0) && 9000 (net->flight_size > max_send_per_dest)) { 9001 goto no_data_fill; 9002 } 9003 /*********************/ 9004 /* Data transmission */ 9005 /*********************/ 9006 /* 9007 * if AUTH for DATA is required and no AUTH has been added 9008 * yet, account for this in the mtu now... if no data can be 9009 * bundled, this adjustment won't matter anyways since the 9010 * packet will be going out... 9011 */ 9012 data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, 9013 stcb->asoc.peer_auth_chunks); 9014 if (data_auth_reqd && (auth == NULL)) { 9015 mtu -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 9016 } 9017 /* now lets add any data within the MTU constraints */ 9018 switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) { 9019#ifdef INET 9020 case AF_INET: 9021 if (net->mtu > (sizeof(struct ip) + sizeof(struct sctphdr))) 9022 omtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 9023 else 9024 omtu = 0; 9025 break; 9026#endif 9027#ifdef INET6 9028 case AF_INET6: 9029 if (net->mtu > (sizeof(struct ip6_hdr) + sizeof(struct sctphdr))) 9030 omtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 9031 else 9032 omtu = 0; 9033 break; 9034#endif 9035#if defined(__Userspace__) 9036 case AF_CONN: 9037 if (net->mtu > sizeof(struct sctphdr)) { 9038 omtu = net->mtu - sizeof(struct sctphdr); 9039 } else { 9040 omtu = 0; 9041 } 9042 break; 9043#endif 9044 default: 9045 /* TSNH */ 9046 omtu = 0; 9047 break; 9048 } 9049 if ((((asoc->state & SCTP_STATE_OPEN) == SCTP_STATE_OPEN) && 9050 (skip_data_for_this_net == 0)) || 9051 (cookie)) { 9052 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 9053 if (no_data_chunks) { 9054 /* let only control go out */ 9055 *reason_code = 1; 9056 break; 9057 } 9058 if (net->flight_size >= net->cwnd) { 9059 /* skip this net, no room for data */ 9060 *reason_code = 2; 9061 break; 9062 } 9063 if ((chk->whoTo != NULL) && 9064 (chk->whoTo != net)) { 9065 /* Don't send the chunk on this net */ 9066 continue; 9067 } 9068 9069 if (asoc->sctp_cmt_on_off == 0) { 9070 if ((asoc->alternate) && 9071 (asoc->alternate != net) && 9072 (chk->whoTo == NULL)) { 9073 continue; 9074 } else if ((net != asoc->primary_destination) && 9075 (asoc->alternate == NULL) && 9076 (chk->whoTo == NULL)) { 9077 continue; 9078 } 9079 } 9080 if ((chk->send_size > omtu) && ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) == 0)) { 9081 /*- 9082 * strange, we have a chunk that is 9083 * to big for its destination and 9084 * yet no fragment ok flag. 9085 * Something went wrong when the 9086 * PMTU changed...we did not mark 9087 * this chunk for some reason?? I 9088 * will fix it here by letting IP 9089 * fragment it for now and printing 9090 * a warning. This really should not 9091 * happen ... 9092 */ 9093 SCTP_PRINTF("Warning chunk of %d bytes > mtu:%d and yet PMTU disc missed\n", 9094 chk->send_size, mtu); 9095 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 9096 } 9097 if (SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) && 9098 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) == SCTP_STATE_SHUTDOWN_PENDING)) { 9099 struct sctp_data_chunk *dchkh; 9100 9101 dchkh = mtod(chk->data, struct sctp_data_chunk *); 9102 dchkh->ch.chunk_flags |= SCTP_DATA_SACK_IMMEDIATELY; 9103 } 9104 if (((chk->send_size <= mtu) && (chk->send_size <= r_mtu)) || 9105 ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) && (chk->send_size <= asoc->peers_rwnd))) { 9106 /* ok we will add this one */ 9107 9108 /* 9109 * Add an AUTH chunk, if chunk 9110 * requires it, save the offset into 9111 * the chain for AUTH 9112 */ 9113 if (data_auth_reqd) { 9114 if (auth == NULL) { 9115 outchain = sctp_add_auth_chunk(outchain, 9116 &endoutchain, 9117 &auth, 9118 &auth_offset, 9119 stcb, 9120 SCTP_DATA); 9121 auth_keyid = chk->auth_keyid; 9122 override_ok = 0; 9123 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9124 } else if (override_ok) { 9125 /* use this data's keyid */ 9126 auth_keyid = chk->auth_keyid; 9127 override_ok = 0; 9128 } else if (auth_keyid != chk->auth_keyid) { 9129 /* different keyid, so done bundling */ 9130 break; 9131 } 9132 } 9133 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 0, 9134 chk->send_size, chk->copy_by_ref); 9135 if (outchain == NULL) { 9136 SCTPDBG(SCTP_DEBUG_OUTPUT3, "No memory?\n"); 9137 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 9138 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 9139 } 9140 *reason_code = 3; 9141 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 9142 return (ENOMEM); 9143 } 9144 /* upate our MTU size */ 9145 /* Do clear IP_DF ? */ 9146 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 9147 no_fragmentflg = 0; 9148 } 9149 /* unsigned subtraction of mtu */ 9150 if (mtu > chk->send_size) 9151 mtu -= chk->send_size; 9152 else 9153 mtu = 0; 9154 /* unsigned subtraction of r_mtu */ 9155 if (r_mtu > chk->send_size) 9156 r_mtu -= chk->send_size; 9157 else 9158 r_mtu = 0; 9159 9160 to_out += chk->send_size; 9161 if ((to_out > mx_mtu) && no_fragmentflg) { 9162#ifdef INVARIANTS 9163 panic("Exceeding mtu of %d out size is %d", mx_mtu, to_out); 9164#else 9165 SCTP_PRINTF("Exceeding mtu of %d out size is %d\n", 9166 mx_mtu, to_out); 9167#endif 9168 } 9169 chk->window_probe = 0; 9170 data_list[bundle_at++] = chk; 9171 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 9172 break; 9173 } 9174 if (chk->sent == SCTP_DATAGRAM_UNSENT) { 9175 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) { 9176 SCTP_STAT_INCR_COUNTER64(sctps_outorderchunks); 9177 } else { 9178 SCTP_STAT_INCR_COUNTER64(sctps_outunorderchunks); 9179 } 9180 if (((chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) == SCTP_DATA_LAST_FRAG) && 9181 ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0)) 9182 /* Count number of user msg's that were fragmented 9183 * we do this by counting when we see a LAST fragment 9184 * only. 9185 */ 9186 SCTP_STAT_INCR_COUNTER64(sctps_fragusrmsgs); 9187 } 9188 if ((mtu == 0) || (r_mtu == 0) || (one_chunk)) { 9189 if ((one_chunk) && (stcb->asoc.total_flight == 0)) { 9190 data_list[0]->window_probe = 1; 9191 net->window_probe = 1; 9192 } 9193 break; 9194 } 9195 } else { 9196 /* 9197 * Must be sent in order of the 9198 * TSN's (on a network) 9199 */ 9200 break; 9201 } 9202 } /* for (chunk gather loop for this net) */ 9203 } /* if asoc.state OPEN */ 9204 no_data_fill: 9205 /* Is there something to send for this destination? */ 9206 if (outchain) { 9207 /* We may need to start a control timer or two */ 9208 if (asconf) { 9209 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, 9210 stcb, net); 9211 /* 9212 * do NOT clear the asconf flag as it is used 9213 * to do appropriate source address selection. 9214 */ 9215 } 9216 if (cookie) { 9217 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 9218 cookie = 0; 9219 } 9220 /* must start a send timer if data is being sent */ 9221 if (bundle_at && (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer))) { 9222 /* 9223 * no timer running on this destination 9224 * restart it. 9225 */ 9226 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 9227 } 9228 /* Now send it, if there is anything to send :> */ 9229 if ((error = sctp_lowlevel_chunk_output(inp, 9230 stcb, 9231 net, 9232 (struct sockaddr *)&net->ro._l_addr, 9233 outchain, 9234 auth_offset, 9235 auth, 9236 auth_keyid, 9237 no_fragmentflg, 9238 bundle_at, 9239 asconf, 9240 inp->sctp_lport, stcb->rport, 9241 htonl(stcb->asoc.peer_vtag), 9242 net->port, NULL, 9243#if defined(__FreeBSD__) 9244 0, 0, 9245#endif 9246 so_locked))) { 9247 /* error, we could not output */ 9248 if (error == ENOBUFS) { 9249 SCTP_STAT_INCR(sctps_lowlevelerr); 9250 asoc->ifp_had_enobuf = 1; 9251 } 9252 if (from_where == 0) { 9253 SCTP_STAT_INCR(sctps_lowlevelerrusr); 9254 } 9255 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error); 9256 if (hbflag) { 9257 if (*now_filled == 0) { 9258 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 9259 *now_filled = 1; 9260 *now = net->last_sent_time; 9261 } else { 9262 net->last_sent_time = *now; 9263 } 9264 hbflag = 0; 9265 } 9266 if (error == EHOSTUNREACH) { 9267 /* 9268 * Destination went unreachable 9269 * during this send 9270 */ 9271 sctp_move_chunks_from_net(stcb, net); 9272 } 9273 *reason_code = 6; 9274 /*- 9275 * I add this line to be paranoid. As far as 9276 * I can tell the continue, takes us back to 9277 * the top of the for, but just to make sure 9278 * I will reset these again here. 9279 */ 9280 ctl_cnt = bundle_at = 0; 9281 continue; /* This takes us back to the for() for the nets. */ 9282 } else { 9283 asoc->ifp_had_enobuf = 0; 9284 } 9285 endoutchain = NULL; 9286 auth = NULL; 9287 auth_offset = 0; 9288 if (bundle_at || hbflag) { 9289 /* For data/asconf and hb set time */ 9290 if (*now_filled == 0) { 9291 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 9292 *now_filled = 1; 9293 *now = net->last_sent_time; 9294 } else { 9295 net->last_sent_time = *now; 9296 } 9297 } 9298 if (!no_out_cnt) { 9299 *num_out += (ctl_cnt + bundle_at); 9300 } 9301 if (bundle_at) { 9302 /* setup for a RTO measurement */ 9303 tsns_sent = data_list[0]->rec.data.TSN_seq; 9304 /* fill time if not already filled */ 9305 if (*now_filled == 0) { 9306 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 9307 *now_filled = 1; 9308 *now = asoc->time_last_sent; 9309 } else { 9310 asoc->time_last_sent = *now; 9311 } 9312 if (net->rto_needed) { 9313 data_list[0]->do_rtt = 1; 9314 net->rto_needed = 0; 9315 } 9316 SCTP_STAT_INCR_BY(sctps_senddata, bundle_at); 9317 sctp_clean_up_datalist(stcb, asoc, data_list, bundle_at, net); 9318 } 9319 if (one_chunk) { 9320 break; 9321 } 9322 } 9323 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9324 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_SEND); 9325 } 9326 } 9327 if (old_start_at == NULL) { 9328 old_start_at = start_at; 9329 start_at = TAILQ_FIRST(&asoc->nets); 9330 if (old_start_at) 9331 goto again_one_more_time; 9332 } 9333 9334 /* 9335 * At the end there should be no NON timed chunks hanging on this 9336 * queue. 9337 */ 9338 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9339 sctp_log_cwnd(stcb, net, *num_out, SCTP_CWND_LOG_FROM_SEND); 9340 } 9341 if ((*num_out == 0) && (*reason_code == 0)) { 9342 *reason_code = 4; 9343 } else { 9344 *reason_code = 5; 9345 } 9346 sctp_clean_up_ctl(stcb, asoc, so_locked); 9347 return (0); 9348} 9349 9350void 9351sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err) 9352{ 9353 /*- 9354 * Prepend a OPERATIONAL_ERROR chunk header and put on the end of 9355 * the control chunk queue. 9356 */ 9357 struct sctp_chunkhdr *hdr; 9358 struct sctp_tmit_chunk *chk; 9359 struct mbuf *mat; 9360 9361 SCTP_TCB_LOCK_ASSERT(stcb); 9362 sctp_alloc_a_chunk(stcb, chk); 9363 if (chk == NULL) { 9364 /* no memory */ 9365 sctp_m_freem(op_err); 9366 return; 9367 } 9368 chk->copy_by_ref = 0; 9369 SCTP_BUF_PREPEND(op_err, sizeof(struct sctp_chunkhdr), M_NOWAIT); 9370 if (op_err == NULL) { 9371 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 9372 return; 9373 } 9374 chk->send_size = 0; 9375 mat = op_err; 9376 while (mat != NULL) { 9377 chk->send_size += SCTP_BUF_LEN(mat); 9378 mat = SCTP_BUF_NEXT(mat); 9379 } 9380 chk->rec.chunk_id.id = SCTP_OPERATION_ERROR; 9381 chk->rec.chunk_id.can_take_data = 1; 9382 chk->sent = SCTP_DATAGRAM_UNSENT; 9383 chk->snd_count = 0; 9384 chk->flags = 0; 9385 chk->asoc = &stcb->asoc; 9386 chk->data = op_err; 9387 chk->whoTo = NULL; 9388 hdr = mtod(op_err, struct sctp_chunkhdr *); 9389 hdr->chunk_type = SCTP_OPERATION_ERROR; 9390 hdr->chunk_flags = 0; 9391 hdr->chunk_length = htons(chk->send_size); 9392 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, 9393 chk, 9394 sctp_next); 9395 chk->asoc->ctrl_queue_cnt++; 9396} 9397 9398int 9399sctp_send_cookie_echo(struct mbuf *m, 9400 int offset, 9401 struct sctp_tcb *stcb, 9402 struct sctp_nets *net) 9403{ 9404 /*- 9405 * pull out the cookie and put it at the front of the control chunk 9406 * queue. 9407 */ 9408 int at; 9409 struct mbuf *cookie; 9410 struct sctp_paramhdr parm, *phdr; 9411 struct sctp_chunkhdr *hdr; 9412 struct sctp_tmit_chunk *chk; 9413 uint16_t ptype, plen; 9414 9415 /* First find the cookie in the param area */ 9416 cookie = NULL; 9417 at = offset + sizeof(struct sctp_init_chunk); 9418 9419 SCTP_TCB_LOCK_ASSERT(stcb); 9420 do { 9421 phdr = sctp_get_next_param(m, at, &parm, sizeof(parm)); 9422 if (phdr == NULL) { 9423 return (-3); 9424 } 9425 ptype = ntohs(phdr->param_type); 9426 plen = ntohs(phdr->param_length); 9427 if (ptype == SCTP_STATE_COOKIE) { 9428 int pad; 9429 9430 /* found the cookie */ 9431 if ((pad = (plen % 4))) { 9432 plen += 4 - pad; 9433 } 9434 cookie = SCTP_M_COPYM(m, at, plen, M_NOWAIT); 9435 if (cookie == NULL) { 9436 /* No memory */ 9437 return (-2); 9438 } 9439#ifdef SCTP_MBUF_LOGGING 9440 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 9441 struct mbuf *mat; 9442 9443 for (mat = cookie; mat; mat = SCTP_BUF_NEXT(mat)) { 9444 if (SCTP_BUF_IS_EXTENDED(mat)) { 9445 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 9446 } 9447 } 9448 } 9449#endif 9450 break; 9451 } 9452 at += SCTP_SIZE32(plen); 9453 } while (phdr); 9454 if (cookie == NULL) { 9455 /* Did not find the cookie */ 9456 return (-3); 9457 } 9458 /* ok, we got the cookie lets change it into a cookie echo chunk */ 9459 9460 /* first the change from param to cookie */ 9461 hdr = mtod(cookie, struct sctp_chunkhdr *); 9462 hdr->chunk_type = SCTP_COOKIE_ECHO; 9463 hdr->chunk_flags = 0; 9464 /* get the chunk stuff now and place it in the FRONT of the queue */ 9465 sctp_alloc_a_chunk(stcb, chk); 9466 if (chk == NULL) { 9467 /* no memory */ 9468 sctp_m_freem(cookie); 9469 return (-5); 9470 } 9471 chk->copy_by_ref = 0; 9472 chk->send_size = plen; 9473 chk->rec.chunk_id.id = SCTP_COOKIE_ECHO; 9474 chk->rec.chunk_id.can_take_data = 0; 9475 chk->sent = SCTP_DATAGRAM_UNSENT; 9476 chk->snd_count = 0; 9477 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 9478 chk->asoc = &stcb->asoc; 9479 chk->data = cookie; 9480 chk->whoTo = net; 9481 atomic_add_int(&chk->whoTo->ref_count, 1); 9482 TAILQ_INSERT_HEAD(&chk->asoc->control_send_queue, chk, sctp_next); 9483 chk->asoc->ctrl_queue_cnt++; 9484 return (0); 9485} 9486 9487void 9488sctp_send_heartbeat_ack(struct sctp_tcb *stcb, 9489 struct mbuf *m, 9490 int offset, 9491 int chk_length, 9492 struct sctp_nets *net) 9493{ 9494 /* 9495 * take a HB request and make it into a HB ack and send it. 9496 */ 9497 struct mbuf *outchain; 9498 struct sctp_chunkhdr *chdr; 9499 struct sctp_tmit_chunk *chk; 9500 9501 9502 if (net == NULL) 9503 /* must have a net pointer */ 9504 return; 9505 9506 outchain = SCTP_M_COPYM(m, offset, chk_length, M_NOWAIT); 9507 if (outchain == NULL) { 9508 /* gak out of memory */ 9509 return; 9510 } 9511#ifdef SCTP_MBUF_LOGGING 9512 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 9513 struct mbuf *mat; 9514 9515 for (mat = outchain; mat; mat = SCTP_BUF_NEXT(mat)) { 9516 if (SCTP_BUF_IS_EXTENDED(mat)) { 9517 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 9518 } 9519 } 9520 } 9521#endif 9522 chdr = mtod(outchain, struct sctp_chunkhdr *); 9523 chdr->chunk_type = SCTP_HEARTBEAT_ACK; 9524 chdr->chunk_flags = 0; 9525 if (chk_length % 4) { 9526 /* need pad */ 9527 uint32_t cpthis = 0; 9528 int padlen; 9529 9530 padlen = 4 - (chk_length % 4); 9531 m_copyback(outchain, chk_length, padlen, (caddr_t)&cpthis); 9532 } 9533 sctp_alloc_a_chunk(stcb, chk); 9534 if (chk == NULL) { 9535 /* no memory */ 9536 sctp_m_freem(outchain); 9537 return; 9538 } 9539 chk->copy_by_ref = 0; 9540 chk->send_size = chk_length; 9541 chk->rec.chunk_id.id = SCTP_HEARTBEAT_ACK; 9542 chk->rec.chunk_id.can_take_data = 1; 9543 chk->sent = SCTP_DATAGRAM_UNSENT; 9544 chk->snd_count = 0; 9545 chk->flags = 0; 9546 chk->asoc = &stcb->asoc; 9547 chk->data = outchain; 9548 chk->whoTo = net; 9549 atomic_add_int(&chk->whoTo->ref_count, 1); 9550 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9551 chk->asoc->ctrl_queue_cnt++; 9552} 9553 9554void 9555sctp_send_cookie_ack(struct sctp_tcb *stcb) 9556{ 9557 /* formulate and queue a cookie-ack back to sender */ 9558 struct mbuf *cookie_ack; 9559 struct sctp_chunkhdr *hdr; 9560 struct sctp_tmit_chunk *chk; 9561 9562 SCTP_TCB_LOCK_ASSERT(stcb); 9563 9564 cookie_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_NOWAIT, 1, MT_HEADER); 9565 if (cookie_ack == NULL) { 9566 /* no mbuf's */ 9567 return; 9568 } 9569 SCTP_BUF_RESV_UF(cookie_ack, SCTP_MIN_OVERHEAD); 9570 sctp_alloc_a_chunk(stcb, chk); 9571 if (chk == NULL) { 9572 /* no memory */ 9573 sctp_m_freem(cookie_ack); 9574 return; 9575 } 9576 chk->copy_by_ref = 0; 9577 chk->send_size = sizeof(struct sctp_chunkhdr); 9578 chk->rec.chunk_id.id = SCTP_COOKIE_ACK; 9579 chk->rec.chunk_id.can_take_data = 1; 9580 chk->sent = SCTP_DATAGRAM_UNSENT; 9581 chk->snd_count = 0; 9582 chk->flags = 0; 9583 chk->asoc = &stcb->asoc; 9584 chk->data = cookie_ack; 9585 if (chk->asoc->last_control_chunk_from != NULL) { 9586 chk->whoTo = chk->asoc->last_control_chunk_from; 9587 atomic_add_int(&chk->whoTo->ref_count, 1); 9588 } else { 9589 chk->whoTo = NULL; 9590 } 9591 hdr = mtod(cookie_ack, struct sctp_chunkhdr *); 9592 hdr->chunk_type = SCTP_COOKIE_ACK; 9593 hdr->chunk_flags = 0; 9594 hdr->chunk_length = htons(chk->send_size); 9595 SCTP_BUF_LEN(cookie_ack) = chk->send_size; 9596 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9597 chk->asoc->ctrl_queue_cnt++; 9598 return; 9599} 9600 9601 9602void 9603sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net) 9604{ 9605 /* formulate and queue a SHUTDOWN-ACK back to the sender */ 9606 struct mbuf *m_shutdown_ack; 9607 struct sctp_shutdown_ack_chunk *ack_cp; 9608 struct sctp_tmit_chunk *chk; 9609 9610 m_shutdown_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_ack_chunk), 0, M_NOWAIT, 1, MT_HEADER); 9611 if (m_shutdown_ack == NULL) { 9612 /* no mbuf's */ 9613 return; 9614 } 9615 SCTP_BUF_RESV_UF(m_shutdown_ack, SCTP_MIN_OVERHEAD); 9616 sctp_alloc_a_chunk(stcb, chk); 9617 if (chk == NULL) { 9618 /* no memory */ 9619 sctp_m_freem(m_shutdown_ack); 9620 return; 9621 } 9622 chk->copy_by_ref = 0; 9623 chk->send_size = sizeof(struct sctp_chunkhdr); 9624 chk->rec.chunk_id.id = SCTP_SHUTDOWN_ACK; 9625 chk->rec.chunk_id.can_take_data = 1; 9626 chk->sent = SCTP_DATAGRAM_UNSENT; 9627 chk->snd_count = 0; 9628 chk->flags = 0; 9629 chk->asoc = &stcb->asoc; 9630 chk->data = m_shutdown_ack; 9631 chk->whoTo = net; 9632 if (chk->whoTo) { 9633 atomic_add_int(&chk->whoTo->ref_count, 1); 9634 } 9635 ack_cp = mtod(m_shutdown_ack, struct sctp_shutdown_ack_chunk *); 9636 ack_cp->ch.chunk_type = SCTP_SHUTDOWN_ACK; 9637 ack_cp->ch.chunk_flags = 0; 9638 ack_cp->ch.chunk_length = htons(chk->send_size); 9639 SCTP_BUF_LEN(m_shutdown_ack) = chk->send_size; 9640 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9641 chk->asoc->ctrl_queue_cnt++; 9642 return; 9643} 9644 9645void 9646sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net) 9647{ 9648 /* formulate and queue a SHUTDOWN to the sender */ 9649 struct mbuf *m_shutdown; 9650 struct sctp_shutdown_chunk *shutdown_cp; 9651 struct sctp_tmit_chunk *chk; 9652 9653 m_shutdown = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_chunk), 0, M_NOWAIT, 1, MT_HEADER); 9654 if (m_shutdown == NULL) { 9655 /* no mbuf's */ 9656 return; 9657 } 9658 SCTP_BUF_RESV_UF(m_shutdown, SCTP_MIN_OVERHEAD); 9659 sctp_alloc_a_chunk(stcb, chk); 9660 if (chk == NULL) { 9661 /* no memory */ 9662 sctp_m_freem(m_shutdown); 9663 return; 9664 } 9665 chk->copy_by_ref = 0; 9666 chk->send_size = sizeof(struct sctp_shutdown_chunk); 9667 chk->rec.chunk_id.id = SCTP_SHUTDOWN; 9668 chk->rec.chunk_id.can_take_data = 1; 9669 chk->sent = SCTP_DATAGRAM_UNSENT; 9670 chk->snd_count = 0; 9671 chk->flags = 0; 9672 chk->asoc = &stcb->asoc; 9673 chk->data = m_shutdown; 9674 chk->whoTo = net; 9675 if (chk->whoTo) { 9676 atomic_add_int(&chk->whoTo->ref_count, 1); 9677 } 9678 shutdown_cp = mtod(m_shutdown, struct sctp_shutdown_chunk *); 9679 shutdown_cp->ch.chunk_type = SCTP_SHUTDOWN; 9680 shutdown_cp->ch.chunk_flags = 0; 9681 shutdown_cp->ch.chunk_length = htons(chk->send_size); 9682 shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn); 9683 SCTP_BUF_LEN(m_shutdown) = chk->send_size; 9684 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9685 chk->asoc->ctrl_queue_cnt++; 9686 return; 9687} 9688 9689void 9690sctp_send_asconf(struct sctp_tcb *stcb, struct sctp_nets *net, int addr_locked) 9691{ 9692 /* 9693 * formulate and queue an ASCONF to the peer. 9694 * ASCONF parameters should be queued on the assoc queue. 9695 */ 9696 struct sctp_tmit_chunk *chk; 9697 struct mbuf *m_asconf; 9698 int len; 9699 9700 SCTP_TCB_LOCK_ASSERT(stcb); 9701 9702 if ((!TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) && 9703 (!sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS))) { 9704 /* can't send a new one if there is one in flight already */ 9705 return; 9706 } 9707 9708 /* compose an ASCONF chunk, maximum length is PMTU */ 9709 m_asconf = sctp_compose_asconf(stcb, &len, addr_locked); 9710 if (m_asconf == NULL) { 9711 return; 9712 } 9713 9714 sctp_alloc_a_chunk(stcb, chk); 9715 if (chk == NULL) { 9716 /* no memory */ 9717 sctp_m_freem(m_asconf); 9718 return; 9719 } 9720 9721 chk->copy_by_ref = 0; 9722 chk->data = m_asconf; 9723 chk->send_size = len; 9724 chk->rec.chunk_id.id = SCTP_ASCONF; 9725 chk->rec.chunk_id.can_take_data = 0; 9726 chk->sent = SCTP_DATAGRAM_UNSENT; 9727 chk->snd_count = 0; 9728 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 9729 chk->asoc = &stcb->asoc; 9730 chk->whoTo = net; 9731 if (chk->whoTo) { 9732 atomic_add_int(&chk->whoTo->ref_count, 1); 9733 } 9734 TAILQ_INSERT_TAIL(&chk->asoc->asconf_send_queue, chk, sctp_next); 9735 chk->asoc->ctrl_queue_cnt++; 9736 return; 9737} 9738 9739void 9740sctp_send_asconf_ack(struct sctp_tcb *stcb) 9741{ 9742 /* 9743 * formulate and queue a asconf-ack back to sender. 9744 * the asconf-ack must be stored in the tcb. 9745 */ 9746 struct sctp_tmit_chunk *chk; 9747 struct sctp_asconf_ack *ack, *latest_ack; 9748 struct mbuf *m_ack; 9749 struct sctp_nets *net = NULL; 9750 9751 SCTP_TCB_LOCK_ASSERT(stcb); 9752 /* Get the latest ASCONF-ACK */ 9753 latest_ack = TAILQ_LAST(&stcb->asoc.asconf_ack_sent, sctp_asconf_ackhead); 9754 if (latest_ack == NULL) { 9755 return; 9756 } 9757 if (latest_ack->last_sent_to != NULL && 9758 latest_ack->last_sent_to == stcb->asoc.last_control_chunk_from) { 9759 /* we're doing a retransmission */ 9760 net = sctp_find_alternate_net(stcb, stcb->asoc.last_control_chunk_from, 0); 9761 if (net == NULL) { 9762 /* no alternate */ 9763 if (stcb->asoc.last_control_chunk_from == NULL) { 9764 if (stcb->asoc.alternate) { 9765 net = stcb->asoc.alternate; 9766 } else { 9767 net = stcb->asoc.primary_destination; 9768 } 9769 } else { 9770 net = stcb->asoc.last_control_chunk_from; 9771 } 9772 } 9773 } else { 9774 /* normal case */ 9775 if (stcb->asoc.last_control_chunk_from == NULL) { 9776 if (stcb->asoc.alternate) { 9777 net = stcb->asoc.alternate; 9778 } else { 9779 net = stcb->asoc.primary_destination; 9780 } 9781 } else { 9782 net = stcb->asoc.last_control_chunk_from; 9783 } 9784 } 9785 latest_ack->last_sent_to = net; 9786 9787 TAILQ_FOREACH(ack, &stcb->asoc.asconf_ack_sent, next) { 9788 if (ack->data == NULL) { 9789 continue; 9790 } 9791 9792 /* copy the asconf_ack */ 9793 m_ack = SCTP_M_COPYM(ack->data, 0, M_COPYALL, M_NOWAIT); 9794 if (m_ack == NULL) { 9795 /* couldn't copy it */ 9796 return; 9797 } 9798#ifdef SCTP_MBUF_LOGGING 9799 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 9800 struct mbuf *mat; 9801 9802 for (mat = m_ack; mat; mat = SCTP_BUF_NEXT(mat)) { 9803 if (SCTP_BUF_IS_EXTENDED(mat)) { 9804 sctp_log_mb(mat, SCTP_MBUF_ICOPY); 9805 } 9806 } 9807 } 9808#endif 9809 9810 sctp_alloc_a_chunk(stcb, chk); 9811 if (chk == NULL) { 9812 /* no memory */ 9813 if (m_ack) 9814 sctp_m_freem(m_ack); 9815 return; 9816 } 9817 chk->copy_by_ref = 0; 9818 9819 chk->whoTo = net; 9820 if (chk->whoTo) { 9821 atomic_add_int(&chk->whoTo->ref_count, 1); 9822 } 9823 chk->data = m_ack; 9824 chk->send_size = 0; 9825 /* Get size */ 9826 chk->send_size = ack->len; 9827 chk->rec.chunk_id.id = SCTP_ASCONF_ACK; 9828 chk->rec.chunk_id.can_take_data = 1; 9829 chk->sent = SCTP_DATAGRAM_UNSENT; 9830 chk->snd_count = 0; 9831 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; /* XXX */ 9832 chk->asoc = &stcb->asoc; 9833 9834 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9835 chk->asoc->ctrl_queue_cnt++; 9836 } 9837 return; 9838} 9839 9840 9841static int 9842sctp_chunk_retransmission(struct sctp_inpcb *inp, 9843 struct sctp_tcb *stcb, 9844 struct sctp_association *asoc, 9845 int *cnt_out, struct timeval *now, int *now_filled, int *fr_done, int so_locked 9846#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 9847 SCTP_UNUSED 9848#endif 9849 ) 9850{ 9851 /*- 9852 * send out one MTU of retransmission. If fast_retransmit is 9853 * happening we ignore the cwnd. Otherwise we obey the cwnd and 9854 * rwnd. For a Cookie or Asconf in the control chunk queue we 9855 * retransmit them by themselves. 9856 * 9857 * For data chunks we will pick out the lowest TSN's in the sent_queue 9858 * marked for resend and bundle them all together (up to a MTU of 9859 * destination). The address to send to should have been 9860 * selected/changed where the retransmission was marked (i.e. in FR 9861 * or t3-timeout routines). 9862 */ 9863 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 9864 struct sctp_tmit_chunk *chk, *fwd; 9865 struct mbuf *m, *endofchain; 9866 struct sctp_nets *net = NULL; 9867 uint32_t tsns_sent = 0; 9868 int no_fragmentflg, bundle_at, cnt_thru; 9869 unsigned int mtu; 9870 int error, i, one_chunk, fwd_tsn, ctl_cnt, tmr_started; 9871 struct sctp_auth_chunk *auth = NULL; 9872 uint32_t auth_offset = 0; 9873 uint16_t auth_keyid; 9874 int override_ok = 1; 9875 int data_auth_reqd = 0; 9876 uint32_t dmtu = 0; 9877 9878#if defined(__APPLE__) 9879 if (so_locked) { 9880 sctp_lock_assert(SCTP_INP_SO(inp)); 9881 } else { 9882 sctp_unlock_assert(SCTP_INP_SO(inp)); 9883 } 9884#endif 9885 SCTP_TCB_LOCK_ASSERT(stcb); 9886 tmr_started = ctl_cnt = bundle_at = error = 0; 9887 no_fragmentflg = 1; 9888 fwd_tsn = 0; 9889 *cnt_out = 0; 9890 fwd = NULL; 9891 endofchain = m = NULL; 9892 auth_keyid = stcb->asoc.authinfo.active_keyid; 9893#ifdef SCTP_AUDITING_ENABLED 9894 sctp_audit_log(0xC3, 1); 9895#endif 9896 if ((TAILQ_EMPTY(&asoc->sent_queue)) && 9897 (TAILQ_EMPTY(&asoc->control_send_queue))) { 9898 SCTPDBG(SCTP_DEBUG_OUTPUT1,"SCTP hits empty queue with cnt set to %d?\n", 9899 asoc->sent_queue_retran_cnt); 9900 asoc->sent_queue_cnt = 0; 9901 asoc->sent_queue_cnt_removeable = 0; 9902 /* send back 0/0 so we enter normal transmission */ 9903 *cnt_out = 0; 9904 return (0); 9905 } 9906 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9907 if ((chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) || 9908 (chk->rec.chunk_id.id == SCTP_STREAM_RESET) || 9909 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN)) { 9910 if (chk->sent != SCTP_DATAGRAM_RESEND) { 9911 continue; 9912 } 9913 if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 9914 if (chk != asoc->str_reset) { 9915 /* 9916 * not eligible for retran if its 9917 * not ours 9918 */ 9919 continue; 9920 } 9921 } 9922 ctl_cnt++; 9923 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 9924 fwd_tsn = 1; 9925 } 9926 /* 9927 * Add an AUTH chunk, if chunk requires it save the 9928 * offset into the chain for AUTH 9929 */ 9930 if ((auth == NULL) && 9931 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 9932 stcb->asoc.peer_auth_chunks))) { 9933 m = sctp_add_auth_chunk(m, &endofchain, 9934 &auth, &auth_offset, 9935 stcb, 9936 chk->rec.chunk_id.id); 9937 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9938 } 9939 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 9940 break; 9941 } 9942 } 9943 one_chunk = 0; 9944 cnt_thru = 0; 9945 /* do we have control chunks to retransmit? */ 9946 if (m != NULL) { 9947 /* Start a timer no matter if we suceed or fail */ 9948 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 9949 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, chk->whoTo); 9950 } else if (chk->rec.chunk_id.id == SCTP_ASCONF) 9951 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, chk->whoTo); 9952 chk->snd_count++; /* update our count */ 9953 if ((error = sctp_lowlevel_chunk_output(inp, stcb, chk->whoTo, 9954 (struct sockaddr *)&chk->whoTo->ro._l_addr, m, 9955 auth_offset, auth, stcb->asoc.authinfo.active_keyid, 9956 no_fragmentflg, 0, 0, 9957 inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 9958 chk->whoTo->port, NULL, 9959#if defined(__FreeBSD__) 9960 0, 0, 9961#endif 9962 so_locked))) { 9963 SCTP_STAT_INCR(sctps_lowlevelerr); 9964 return (error); 9965 } 9966 endofchain = NULL; 9967 auth = NULL; 9968 auth_offset = 0; 9969 /* 9970 * We don't want to mark the net->sent time here since this 9971 * we use this for HB and retrans cannot measure RTT 9972 */ 9973 /* (void)SCTP_GETTIME_TIMEVAL(&chk->whoTo->last_sent_time); */ 9974 *cnt_out += 1; 9975 chk->sent = SCTP_DATAGRAM_SENT; 9976 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt); 9977 if (fwd_tsn == 0) { 9978 return (0); 9979 } else { 9980 /* Clean up the fwd-tsn list */ 9981 sctp_clean_up_ctl(stcb, asoc, so_locked); 9982 return (0); 9983 } 9984 } 9985 /* 9986 * Ok, it is just data retransmission we need to do or that and a 9987 * fwd-tsn with it all. 9988 */ 9989 if (TAILQ_EMPTY(&asoc->sent_queue)) { 9990 return (SCTP_RETRAN_DONE); 9991 } 9992 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) || 9993 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT)) { 9994 /* not yet open, resend the cookie and that is it */ 9995 return (1); 9996 } 9997#ifdef SCTP_AUDITING_ENABLED 9998 sctp_auditing(20, inp, stcb, NULL); 9999#endif 10000 data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks); 10001 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 10002 if (chk->sent != SCTP_DATAGRAM_RESEND) { 10003 /* No, not sent to this net or not ready for rtx */ 10004 continue; 10005 } 10006 if (chk->data == NULL) { 10007 SCTP_PRINTF("TSN:%x chk->snd_count:%d chk->sent:%d can't retran - no data\n", 10008 chk->rec.data.TSN_seq, chk->snd_count, chk->sent); 10009 continue; 10010 } 10011 if ((SCTP_BASE_SYSCTL(sctp_max_retran_chunk)) && 10012 (chk->snd_count >= SCTP_BASE_SYSCTL(sctp_max_retran_chunk))) { 10013 /* Gak, we have exceeded max unlucky retran, abort! */ 10014 SCTP_PRINTF("Gak, chk->snd_count:%d >= max:%d - send abort\n", 10015 chk->snd_count, 10016 SCTP_BASE_SYSCTL(sctp_max_retran_chunk)); 10017 atomic_add_int(&stcb->asoc.refcnt, 1); 10018 sctp_abort_an_association(stcb->sctp_ep, stcb, NULL, so_locked); 10019 SCTP_TCB_LOCK(stcb); 10020 atomic_subtract_int(&stcb->asoc.refcnt, 1); 10021 return (SCTP_RETRAN_EXIT); 10022 } 10023 /* pick up the net */ 10024 net = chk->whoTo; 10025 switch (net->ro._l_addr.sa.sa_family) { 10026#ifdef INET 10027 case AF_INET: 10028 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 10029 break; 10030#endif 10031#ifdef INET6 10032 case AF_INET6: 10033 mtu = net->mtu - SCTP_MIN_OVERHEAD; 10034 break; 10035#endif 10036#if defined(__Userspace__) 10037 case AF_CONN: 10038 mtu = net->mtu - sizeof(struct sctphdr); 10039 break; 10040#endif 10041 default: 10042 /* TSNH */ 10043 mtu = net->mtu; 10044 break; 10045 } 10046 10047 if ((asoc->peers_rwnd < mtu) && (asoc->total_flight > 0)) { 10048 /* No room in peers rwnd */ 10049 uint32_t tsn; 10050 10051 tsn = asoc->last_acked_seq + 1; 10052 if (tsn == chk->rec.data.TSN_seq) { 10053 /* 10054 * we make a special exception for this 10055 * case. The peer has no rwnd but is missing 10056 * the lowest chunk.. which is probably what 10057 * is holding up the rwnd. 10058 */ 10059 goto one_chunk_around; 10060 } 10061 return (1); 10062 } 10063 one_chunk_around: 10064 if (asoc->peers_rwnd < mtu) { 10065 one_chunk = 1; 10066 if ((asoc->peers_rwnd == 0) && 10067 (asoc->total_flight == 0)) { 10068 chk->window_probe = 1; 10069 chk->whoTo->window_probe = 1; 10070 } 10071 } 10072#ifdef SCTP_AUDITING_ENABLED 10073 sctp_audit_log(0xC3, 2); 10074#endif 10075 bundle_at = 0; 10076 m = NULL; 10077 net->fast_retran_ip = 0; 10078 if (chk->rec.data.doing_fast_retransmit == 0) { 10079 /* 10080 * if no FR in progress skip destination that have 10081 * flight_size > cwnd. 10082 */ 10083 if (net->flight_size >= net->cwnd) { 10084 continue; 10085 } 10086 } else { 10087 /* 10088 * Mark the destination net to have FR recovery 10089 * limits put on it. 10090 */ 10091 *fr_done = 1; 10092 net->fast_retran_ip = 1; 10093 } 10094 10095 /* 10096 * if no AUTH is yet included and this chunk requires it, 10097 * make sure to account for it. We don't apply the size 10098 * until the AUTH chunk is actually added below in case 10099 * there is no room for this chunk. 10100 */ 10101 if (data_auth_reqd && (auth == NULL)) { 10102 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 10103 } else 10104 dmtu = 0; 10105 10106 if ((chk->send_size <= (mtu - dmtu)) || 10107 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 10108 /* ok we will add this one */ 10109 if (data_auth_reqd) { 10110 if (auth == NULL) { 10111 m = sctp_add_auth_chunk(m, 10112 &endofchain, 10113 &auth, 10114 &auth_offset, 10115 stcb, 10116 SCTP_DATA); 10117 auth_keyid = chk->auth_keyid; 10118 override_ok = 0; 10119 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10120 } else if (override_ok) { 10121 auth_keyid = chk->auth_keyid; 10122 override_ok = 0; 10123 } else if (chk->auth_keyid != auth_keyid) { 10124 /* different keyid, so done bundling */ 10125 break; 10126 } 10127 } 10128 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 10129 if (m == NULL) { 10130 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 10131 return (ENOMEM); 10132 } 10133 /* Do clear IP_DF ? */ 10134 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 10135 no_fragmentflg = 0; 10136 } 10137 /* upate our MTU size */ 10138 if (mtu > (chk->send_size + dmtu)) 10139 mtu -= (chk->send_size + dmtu); 10140 else 10141 mtu = 0; 10142 data_list[bundle_at++] = chk; 10143 if (one_chunk && (asoc->total_flight <= 0)) { 10144 SCTP_STAT_INCR(sctps_windowprobed); 10145 } 10146 } 10147 if (one_chunk == 0) { 10148 /* 10149 * now are there anymore forward from chk to pick 10150 * up? 10151 */ 10152 for (fwd = TAILQ_NEXT(chk, sctp_next); fwd != NULL; fwd = TAILQ_NEXT(fwd, sctp_next)) { 10153 if (fwd->sent != SCTP_DATAGRAM_RESEND) { 10154 /* Nope, not for retran */ 10155 continue; 10156 } 10157 if (fwd->whoTo != net) { 10158 /* Nope, not the net in question */ 10159 continue; 10160 } 10161 if (data_auth_reqd && (auth == NULL)) { 10162 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 10163 } else 10164 dmtu = 0; 10165 if (fwd->send_size <= (mtu - dmtu)) { 10166 if (data_auth_reqd) { 10167 if (auth == NULL) { 10168 m = sctp_add_auth_chunk(m, 10169 &endofchain, 10170 &auth, 10171 &auth_offset, 10172 stcb, 10173 SCTP_DATA); 10174 auth_keyid = fwd->auth_keyid; 10175 override_ok = 0; 10176 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10177 } else if (override_ok) { 10178 auth_keyid = fwd->auth_keyid; 10179 override_ok = 0; 10180 } else if (fwd->auth_keyid != auth_keyid) { 10181 /* different keyid, so done bundling */ 10182 break; 10183 } 10184 } 10185 m = sctp_copy_mbufchain(fwd->data, m, &endofchain, 0, fwd->send_size, fwd->copy_by_ref); 10186 if (m == NULL) { 10187 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 10188 return (ENOMEM); 10189 } 10190 /* Do clear IP_DF ? */ 10191 if (fwd->flags & CHUNK_FLAGS_FRAGMENT_OK) { 10192 no_fragmentflg = 0; 10193 } 10194 /* upate our MTU size */ 10195 if (mtu > (fwd->send_size + dmtu)) 10196 mtu -= (fwd->send_size + dmtu); 10197 else 10198 mtu = 0; 10199 data_list[bundle_at++] = fwd; 10200 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 10201 break; 10202 } 10203 } else { 10204 /* can't fit so we are done */ 10205 break; 10206 } 10207 } 10208 } 10209 /* Is there something to send for this destination? */ 10210 if (m) { 10211 /* 10212 * No matter if we fail/or suceed we should start a 10213 * timer. A failure is like a lost IP packet :-) 10214 */ 10215 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 10216 /* 10217 * no timer running on this destination 10218 * restart it. 10219 */ 10220 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 10221 tmr_started = 1; 10222 } 10223 /* Now lets send it, if there is anything to send :> */ 10224 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 10225 (struct sockaddr *)&net->ro._l_addr, m, 10226 auth_offset, auth, auth_keyid, 10227 no_fragmentflg, 0, 0, 10228 inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 10229 net->port, NULL, 10230#if defined(__FreeBSD__) 10231 0, 0, 10232#endif 10233 so_locked))) { 10234 /* error, we could not output */ 10235 SCTP_STAT_INCR(sctps_lowlevelerr); 10236 return (error); 10237 } 10238 endofchain = NULL; 10239 auth = NULL; 10240 auth_offset = 0; 10241 /* For HB's */ 10242 /* 10243 * We don't want to mark the net->sent time here 10244 * since this we use this for HB and retrans cannot 10245 * measure RTT 10246 */ 10247 /* (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); */ 10248 10249 /* For auto-close */ 10250 cnt_thru++; 10251 if (*now_filled == 0) { 10252 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 10253 *now = asoc->time_last_sent; 10254 *now_filled = 1; 10255 } else { 10256 asoc->time_last_sent = *now; 10257 } 10258 *cnt_out += bundle_at; 10259#ifdef SCTP_AUDITING_ENABLED 10260 sctp_audit_log(0xC4, bundle_at); 10261#endif 10262 if (bundle_at) { 10263 tsns_sent = data_list[0]->rec.data.TSN_seq; 10264 } 10265 for (i = 0; i < bundle_at; i++) { 10266 SCTP_STAT_INCR(sctps_sendretransdata); 10267 data_list[i]->sent = SCTP_DATAGRAM_SENT; 10268 /* 10269 * When we have a revoked data, and we 10270 * retransmit it, then we clear the revoked 10271 * flag since this flag dictates if we 10272 * subtracted from the fs 10273 */ 10274 if (data_list[i]->rec.data.chunk_was_revoked) { 10275 /* Deflate the cwnd */ 10276 data_list[i]->whoTo->cwnd -= data_list[i]->book_size; 10277 data_list[i]->rec.data.chunk_was_revoked = 0; 10278 } 10279 data_list[i]->snd_count++; 10280 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 10281 /* record the time */ 10282 data_list[i]->sent_rcv_time = asoc->time_last_sent; 10283 if (data_list[i]->book_size_scale) { 10284 /* 10285 * need to double the book size on 10286 * this one 10287 */ 10288 data_list[i]->book_size_scale = 0; 10289 /* Since we double the booksize, we must 10290 * also double the output queue size, since this 10291 * get shrunk when we free by this amount. 10292 */ 10293 atomic_add_int(&((asoc)->total_output_queue_size),data_list[i]->book_size); 10294 data_list[i]->book_size *= 2; 10295 10296 10297 } else { 10298 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 10299 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 10300 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 10301 } 10302 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 10303 (uint32_t) (data_list[i]->send_size + 10304 SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 10305 } 10306 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 10307 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_RSND, 10308 data_list[i]->whoTo->flight_size, 10309 data_list[i]->book_size, 10310 (uintptr_t)data_list[i]->whoTo, 10311 data_list[i]->rec.data.TSN_seq); 10312 } 10313 sctp_flight_size_increase(data_list[i]); 10314 sctp_total_flight_increase(stcb, data_list[i]); 10315 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 10316 /* SWS sender side engages */ 10317 asoc->peers_rwnd = 0; 10318 } 10319 if ((i == 0) && 10320 (data_list[i]->rec.data.doing_fast_retransmit)) { 10321 SCTP_STAT_INCR(sctps_sendfastretrans); 10322 if ((data_list[i] == TAILQ_FIRST(&asoc->sent_queue)) && 10323 (tmr_started == 0)) { 10324 /*- 10325 * ok we just fast-retrans'd 10326 * the lowest TSN, i.e the 10327 * first on the list. In 10328 * this case we want to give 10329 * some more time to get a 10330 * SACK back without a 10331 * t3-expiring. 10332 */ 10333 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net, 10334 SCTP_FROM_SCTP_OUTPUT+SCTP_LOC_4); 10335 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 10336 } 10337 } 10338 } 10339 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10340 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_RESEND); 10341 } 10342#ifdef SCTP_AUDITING_ENABLED 10343 sctp_auditing(21, inp, stcb, NULL); 10344#endif 10345 } else { 10346 /* None will fit */ 10347 return (1); 10348 } 10349 if (asoc->sent_queue_retran_cnt <= 0) { 10350 /* all done we have no more to retran */ 10351 asoc->sent_queue_retran_cnt = 0; 10352 break; 10353 } 10354 if (one_chunk) { 10355 /* No more room in rwnd */ 10356 return (1); 10357 } 10358 /* stop the for loop here. we sent out a packet */ 10359 break; 10360 } 10361 return (0); 10362} 10363 10364static void 10365sctp_timer_validation(struct sctp_inpcb *inp, 10366 struct sctp_tcb *stcb, 10367 struct sctp_association *asoc) 10368{ 10369 struct sctp_nets *net; 10370 10371 /* Validate that a timer is running somewhere */ 10372 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 10373 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 10374 /* Here is a timer */ 10375 return; 10376 } 10377 } 10378 SCTP_TCB_LOCK_ASSERT(stcb); 10379 /* Gak, we did not have a timer somewhere */ 10380 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Deadlock avoided starting timer on a dest at retran\n"); 10381 if (asoc->alternate) { 10382 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->alternate); 10383 } else { 10384 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->primary_destination); 10385 } 10386 return; 10387} 10388 10389void 10390sctp_chunk_output (struct sctp_inpcb *inp, 10391 struct sctp_tcb *stcb, 10392 int from_where, 10393 int so_locked 10394#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10395 SCTP_UNUSED 10396#endif 10397 ) 10398{ 10399 /*- 10400 * Ok this is the generic chunk service queue. we must do the 10401 * following: 10402 * - See if there are retransmits pending, if so we must 10403 * do these first. 10404 * - Service the stream queue that is next, moving any 10405 * message (note I must get a complete message i.e. 10406 * FIRST/MIDDLE and LAST to the out queue in one pass) and assigning 10407 * TSN's 10408 * - Check to see if the cwnd/rwnd allows any output, if so we 10409 * go ahead and fomulate and send the low level chunks. Making sure 10410 * to combine any control in the control chunk queue also. 10411 */ 10412 struct sctp_association *asoc; 10413 struct sctp_nets *net; 10414 int error = 0, num_out = 0, tot_out = 0, ret = 0, reason_code = 0; 10415 unsigned int burst_cnt = 0; 10416 struct timeval now; 10417 int now_filled = 0; 10418 int nagle_on; 10419 int frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 10420 int un_sent = 0; 10421 int fr_done; 10422 unsigned int tot_frs = 0; 10423 10424#if defined(__APPLE__) 10425 if (so_locked) { 10426 sctp_lock_assert(SCTP_INP_SO(inp)); 10427 } else { 10428 sctp_unlock_assert(SCTP_INP_SO(inp)); 10429 } 10430#endif 10431 asoc = &stcb->asoc; 10432 /* The Nagle algorithm is only applied when handling a send call. */ 10433 if (from_where == SCTP_OUTPUT_FROM_USR_SEND) { 10434 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NODELAY)) { 10435 nagle_on = 0; 10436 } else { 10437 nagle_on = 1; 10438 } 10439 } else { 10440 nagle_on = 0; 10441 } 10442 SCTP_TCB_LOCK_ASSERT(stcb); 10443 10444 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); 10445 10446 if ((un_sent <= 0) && 10447 (TAILQ_EMPTY(&asoc->control_send_queue)) && 10448 (TAILQ_EMPTY(&asoc->asconf_send_queue)) && 10449 (asoc->sent_queue_retran_cnt == 0)) { 10450 /* Nothing to do unless there is something to be sent left */ 10451 return; 10452 } 10453 /* Do we have something to send, data or control AND 10454 * a sack timer running, if so piggy-back the sack. 10455 */ 10456 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 10457 sctp_send_sack(stcb, so_locked); 10458 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer); 10459 } 10460 while (asoc->sent_queue_retran_cnt) { 10461 /*- 10462 * Ok, it is retransmission time only, we send out only ONE 10463 * packet with a single call off to the retran code. 10464 */ 10465 if (from_where == SCTP_OUTPUT_FROM_COOKIE_ACK) { 10466 /*- 10467 * Special hook for handling cookiess discarded 10468 * by peer that carried data. Send cookie-ack only 10469 * and then the next call with get the retran's. 10470 */ 10471 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 10472 from_where, 10473 &now, &now_filled, frag_point, so_locked); 10474 return; 10475 } else if (from_where != SCTP_OUTPUT_FROM_HB_TMR) { 10476 /* if its not from a HB then do it */ 10477 fr_done = 0; 10478 ret = sctp_chunk_retransmission(inp, stcb, asoc, &num_out, &now, &now_filled, &fr_done, so_locked); 10479 if (fr_done) { 10480 tot_frs++; 10481 } 10482 } else { 10483 /* 10484 * its from any other place, we don't allow retran 10485 * output (only control) 10486 */ 10487 ret = 1; 10488 } 10489 if (ret > 0) { 10490 /* Can't send anymore */ 10491 /*- 10492 * now lets push out control by calling med-level 10493 * output once. this assures that we WILL send HB's 10494 * if queued too. 10495 */ 10496 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 10497 from_where, 10498 &now, &now_filled, frag_point, so_locked); 10499#ifdef SCTP_AUDITING_ENABLED 10500 sctp_auditing(8, inp, stcb, NULL); 10501#endif 10502 sctp_timer_validation(inp, stcb, asoc); 10503 return; 10504 } 10505 if (ret < 0) { 10506 /*- 10507 * The count was off.. retran is not happening so do 10508 * the normal retransmission. 10509 */ 10510#ifdef SCTP_AUDITING_ENABLED 10511 sctp_auditing(9, inp, stcb, NULL); 10512#endif 10513 if (ret == SCTP_RETRAN_EXIT) { 10514 return; 10515 } 10516 break; 10517 } 10518 if (from_where == SCTP_OUTPUT_FROM_T3) { 10519 /* Only one transmission allowed out of a timeout */ 10520#ifdef SCTP_AUDITING_ENABLED 10521 sctp_auditing(10, inp, stcb, NULL); 10522#endif 10523 /* Push out any control */ 10524 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, from_where, 10525 &now, &now_filled, frag_point, so_locked); 10526 return; 10527 } 10528 if ((asoc->fr_max_burst > 0) && (tot_frs >= asoc->fr_max_burst)) { 10529 /* Hit FR burst limit */ 10530 return; 10531 } 10532 if ((num_out == 0) && (ret == 0)) { 10533 /* No more retrans to send */ 10534 break; 10535 } 10536 } 10537#ifdef SCTP_AUDITING_ENABLED 10538 sctp_auditing(12, inp, stcb, NULL); 10539#endif 10540 /* Check for bad destinations, if they exist move chunks around. */ 10541 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 10542 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) { 10543 /*- 10544 * if possible move things off of this address we 10545 * still may send below due to the dormant state but 10546 * we try to find an alternate address to send to 10547 * and if we have one we move all queued data on the 10548 * out wheel to this alternate address. 10549 */ 10550 if (net->ref_count > 1) 10551 sctp_move_chunks_from_net(stcb, net); 10552 } else { 10553 /*- 10554 * if ((asoc->sat_network) || (net->addr_is_local)) 10555 * { burst_limit = asoc->max_burst * 10556 * SCTP_SAT_NETWORK_BURST_INCR; } 10557 */ 10558 if (asoc->max_burst > 0) { 10559 if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst)) { 10560 if ((net->flight_size + (asoc->max_burst * net->mtu)) < net->cwnd) { 10561 /* JRS - Use the congestion control given in the congestion control module */ 10562 asoc->cc_functions.sctp_cwnd_update_after_output(stcb, net, asoc->max_burst); 10563 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 10564 sctp_log_maxburst(stcb, net, 0, asoc->max_burst, SCTP_MAX_BURST_APPLIED); 10565 } 10566 SCTP_STAT_INCR(sctps_maxburstqueued); 10567 } 10568 net->fast_retran_ip = 0; 10569 } else { 10570 if (net->flight_size == 0) { 10571 /* Should be decaying the cwnd here */ 10572 ; 10573 } 10574 } 10575 } 10576 } 10577 10578 } 10579 burst_cnt = 0; 10580 do { 10581 error = sctp_med_chunk_output(inp, stcb, asoc, &num_out, 10582 &reason_code, 0, from_where, 10583 &now, &now_filled, frag_point, so_locked); 10584 if (error) { 10585 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Error %d was returned from med-c-op\n", error); 10586 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 10587 sctp_log_maxburst(stcb, asoc->primary_destination, error, burst_cnt, SCTP_MAX_BURST_ERROR_STOP); 10588 } 10589 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10590 sctp_log_cwnd(stcb, NULL, error, SCTP_SEND_NOW_COMPLETES); 10591 sctp_log_cwnd(stcb, NULL, 0xdeadbeef, SCTP_SEND_NOW_COMPLETES); 10592 } 10593 break; 10594 } 10595 SCTPDBG(SCTP_DEBUG_OUTPUT3, "m-c-o put out %d\n", num_out); 10596 10597 tot_out += num_out; 10598 burst_cnt++; 10599 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10600 sctp_log_cwnd(stcb, NULL, num_out, SCTP_SEND_NOW_COMPLETES); 10601 if (num_out == 0) { 10602 sctp_log_cwnd(stcb, NULL, reason_code, SCTP_SEND_NOW_COMPLETES); 10603 } 10604 } 10605 if (nagle_on) { 10606 /* 10607 * When the Nagle algorithm is used, look at how much 10608 * is unsent, then if its smaller than an MTU and we 10609 * have data in flight we stop, except if we are 10610 * handling a fragmented user message. 10611 */ 10612 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 10613 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 10614 if ((un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) && 10615 (stcb->asoc.total_flight > 0) && 10616 ((stcb->asoc.locked_on_sending == NULL) || 10617 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) { 10618 break; 10619 } 10620 } 10621 if (TAILQ_EMPTY(&asoc->control_send_queue) && 10622 TAILQ_EMPTY(&asoc->send_queue) && 10623 stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { 10624 /* Nothing left to send */ 10625 break; 10626 } 10627 if ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) <= 0) { 10628 /* Nothing left to send */ 10629 break; 10630 } 10631 } while (num_out && 10632 ((asoc->max_burst == 0) || 10633 SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) || 10634 (burst_cnt < asoc->max_burst))); 10635 10636 if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) == 0) { 10637 if ((asoc->max_burst > 0) && (burst_cnt >= asoc->max_burst)) { 10638 SCTP_STAT_INCR(sctps_maxburstqueued); 10639 asoc->burst_limit_applied = 1; 10640 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 10641 sctp_log_maxburst(stcb, asoc->primary_destination, 0, burst_cnt, SCTP_MAX_BURST_APPLIED); 10642 } 10643 } else { 10644 asoc->burst_limit_applied = 0; 10645 } 10646 } 10647 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10648 sctp_log_cwnd(stcb, NULL, tot_out, SCTP_SEND_NOW_COMPLETES); 10649 } 10650 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, we have put out %d chunks\n", 10651 tot_out); 10652 10653 /*- 10654 * Now we need to clean up the control chunk chain if a ECNE is on 10655 * it. It must be marked as UNSENT again so next call will continue 10656 * to send it until such time that we get a CWR, to remove it. 10657 */ 10658 if (stcb->asoc.ecn_echo_cnt_onq) 10659 sctp_fix_ecn_echo(asoc); 10660 return; 10661} 10662 10663 10664int 10665sctp_output( 10666 struct sctp_inpcb *inp, 10667#if defined(__Panda__) 10668 pakhandle_type m, 10669#else 10670 struct mbuf *m, 10671#endif 10672 struct sockaddr *addr, 10673#if defined(__Panda__) 10674 pakhandle_type control, 10675#else 10676 struct mbuf *control, 10677#endif 10678#if defined(__FreeBSD__) && __FreeBSD_version >= 500000 10679 struct thread *p, 10680#elif defined(__Windows__) 10681 PKTHREAD p, 10682#else 10683#if defined(__APPLE__) 10684 struct proc *p SCTP_UNUSED, 10685#else 10686 struct proc *p, 10687#endif 10688#endif 10689 int flags) 10690{ 10691 if (inp == NULL) { 10692 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 10693 return (EINVAL); 10694 } 10695 10696 if (inp->sctp_socket == NULL) { 10697 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 10698 return (EINVAL); 10699 } 10700 return (sctp_sosend(inp->sctp_socket, 10701 addr, 10702 (struct uio *)NULL, 10703 m, 10704 control, 10705#if defined(__APPLE__) || defined(__Panda__) 10706 flags 10707#else 10708 flags, p 10709#endif 10710 )); 10711} 10712 10713void 10714send_forward_tsn(struct sctp_tcb *stcb, 10715 struct sctp_association *asoc) 10716{ 10717 struct sctp_tmit_chunk *chk; 10718 struct sctp_forward_tsn_chunk *fwdtsn; 10719 uint32_t advance_peer_ack_point; 10720 10721 SCTP_TCB_LOCK_ASSERT(stcb); 10722 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10723 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 10724 /* mark it to unsent */ 10725 chk->sent = SCTP_DATAGRAM_UNSENT; 10726 chk->snd_count = 0; 10727 /* Do we correct its output location? */ 10728 if (chk->whoTo) { 10729 sctp_free_remote_addr(chk->whoTo); 10730 chk->whoTo = NULL; 10731 } 10732 goto sctp_fill_in_rest; 10733 } 10734 } 10735 /* Ok if we reach here we must build one */ 10736 sctp_alloc_a_chunk(stcb, chk); 10737 if (chk == NULL) { 10738 return; 10739 } 10740 asoc->fwd_tsn_cnt++; 10741 chk->copy_by_ref = 0; 10742 chk->rec.chunk_id.id = SCTP_FORWARD_CUM_TSN; 10743 chk->rec.chunk_id.can_take_data = 0; 10744 chk->asoc = asoc; 10745 chk->whoTo = NULL; 10746 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 10747 if (chk->data == NULL) { 10748 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 10749 return; 10750 } 10751 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10752 chk->sent = SCTP_DATAGRAM_UNSENT; 10753 chk->snd_count = 0; 10754 TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next); 10755 asoc->ctrl_queue_cnt++; 10756sctp_fill_in_rest: 10757 /*- 10758 * Here we go through and fill out the part that deals with 10759 * stream/seq of the ones we skip. 10760 */ 10761 SCTP_BUF_LEN(chk->data) = 0; 10762 { 10763 struct sctp_tmit_chunk *at, *tp1, *last; 10764 struct sctp_strseq *strseq; 10765 unsigned int cnt_of_space, i, ovh; 10766 unsigned int space_needed; 10767 unsigned int cnt_of_skipped = 0; 10768 10769 TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) { 10770 if ((at->sent != SCTP_FORWARD_TSN_SKIP) && 10771 (at->sent != SCTP_DATAGRAM_NR_ACKED)) { 10772 /* no more to look at */ 10773 break; 10774 } 10775 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 10776 /* We don't report these */ 10777 continue; 10778 } 10779 cnt_of_skipped++; 10780 } 10781 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 10782 (cnt_of_skipped * sizeof(struct sctp_strseq))); 10783 10784 cnt_of_space = M_TRAILINGSPACE(chk->data); 10785 10786 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 10787 ovh = SCTP_MIN_OVERHEAD; 10788 } else { 10789 ovh = SCTP_MIN_V4_OVERHEAD; 10790 } 10791 if (cnt_of_space > (asoc->smallest_mtu - ovh)) { 10792 /* trim to a mtu size */ 10793 cnt_of_space = asoc->smallest_mtu - ovh; 10794 } 10795 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 10796 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 10797 0xff, 0, cnt_of_skipped, 10798 asoc->advanced_peer_ack_point); 10799 10800 } 10801 advance_peer_ack_point = asoc->advanced_peer_ack_point; 10802 if (cnt_of_space < space_needed) { 10803 /*- 10804 * ok we must trim down the chunk by lowering the 10805 * advance peer ack point. 10806 */ 10807 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 10808 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 10809 0xff, 0xff, cnt_of_space, 10810 space_needed); 10811 } 10812 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); 10813 cnt_of_skipped /= sizeof(struct sctp_strseq); 10814 /*- 10815 * Go through and find the TSN that will be the one 10816 * we report. 10817 */ 10818 at = TAILQ_FIRST(&asoc->sent_queue); 10819 if (at != NULL) { 10820 for (i = 0; i < cnt_of_skipped; i++) { 10821 tp1 = TAILQ_NEXT(at, sctp_next); 10822 if (tp1 == NULL) { 10823 break; 10824 } 10825 at = tp1; 10826 } 10827 } 10828 if (at && SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 10829 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 10830 0xff, cnt_of_skipped, at->rec.data.TSN_seq, 10831 asoc->advanced_peer_ack_point); 10832 } 10833 last = at; 10834 /*- 10835 * last now points to last one I can report, update 10836 * peer ack point 10837 */ 10838 if (last) 10839 advance_peer_ack_point = last->rec.data.TSN_seq; 10840 space_needed = sizeof(struct sctp_forward_tsn_chunk) + 10841 cnt_of_skipped * sizeof(struct sctp_strseq); 10842 } 10843 chk->send_size = space_needed; 10844 /* Setup the chunk */ 10845 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 10846 fwdtsn->ch.chunk_length = htons(chk->send_size); 10847 fwdtsn->ch.chunk_flags = 0; 10848 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 10849 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point); 10850 SCTP_BUF_LEN(chk->data) = chk->send_size; 10851 fwdtsn++; 10852 /*- 10853 * Move pointer to after the fwdtsn and transfer to the 10854 * strseq pointer. 10855 */ 10856 strseq = (struct sctp_strseq *)fwdtsn; 10857 /*- 10858 * Now populate the strseq list. This is done blindly 10859 * without pulling out duplicate stream info. This is 10860 * inefficent but won't harm the process since the peer will 10861 * look at these in sequence and will thus release anything. 10862 * It could mean we exceed the PMTU and chop off some that 10863 * we could have included.. but this is unlikely (aka 1432/4 10864 * would mean 300+ stream seq's would have to be reported in 10865 * one FWD-TSN. With a bit of work we can later FIX this to 10866 * optimize and pull out duplcates.. but it does add more 10867 * overhead. So for now... not! 10868 */ 10869 at = TAILQ_FIRST(&asoc->sent_queue); 10870 for (i = 0; i < cnt_of_skipped; i++) { 10871 tp1 = TAILQ_NEXT(at, sctp_next); 10872 if (tp1 == NULL) 10873 break; 10874 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 10875 /* We don't report these */ 10876 i--; 10877 at = tp1; 10878 continue; 10879 } 10880 if (at->rec.data.TSN_seq == advance_peer_ack_point) { 10881 at->rec.data.fwd_tsn_cnt = 0; 10882 } 10883 strseq->stream = ntohs(at->rec.data.stream_number); 10884 strseq->sequence = ntohs(at->rec.data.stream_seq); 10885 strseq++; 10886 at = tp1; 10887 } 10888 } 10889 return; 10890} 10891 10892void 10893sctp_send_sack(struct sctp_tcb *stcb, int so_locked 10894#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10895 SCTP_UNUSED 10896#endif 10897) 10898{ 10899 /*- 10900 * Queue up a SACK or NR-SACK in the control queue. 10901 * We must first check to see if a SACK or NR-SACK is 10902 * somehow on the control queue. 10903 * If so, we will take and and remove the old one. 10904 */ 10905 struct sctp_association *asoc; 10906 struct sctp_tmit_chunk *chk, *a_chk; 10907 struct sctp_sack_chunk *sack; 10908 struct sctp_nr_sack_chunk *nr_sack; 10909 struct sctp_gap_ack_block *gap_descriptor; 10910 struct sack_track *selector; 10911 int mergeable = 0; 10912 int offset; 10913 caddr_t limit; 10914 uint32_t *dup; 10915 int limit_reached = 0; 10916 unsigned int i, siz, j; 10917 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space; 10918 int num_dups = 0; 10919 int space_req; 10920 uint32_t highest_tsn; 10921 uint8_t flags; 10922 uint8_t type; 10923 uint8_t tsn_map; 10924 10925 if (stcb->asoc.nrsack_supported == 1) { 10926 type = SCTP_NR_SELECTIVE_ACK; 10927 } else { 10928 type = SCTP_SELECTIVE_ACK; 10929 } 10930 a_chk = NULL; 10931 asoc = &stcb->asoc; 10932 SCTP_TCB_LOCK_ASSERT(stcb); 10933 if (asoc->last_data_chunk_from == NULL) { 10934 /* Hmm we never received anything */ 10935 return; 10936 } 10937 sctp_slide_mapping_arrays(stcb); 10938 sctp_set_rwnd(stcb, asoc); 10939 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10940 if (chk->rec.chunk_id.id == type) { 10941 /* Hmm, found a sack already on queue, remove it */ 10942 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 10943 asoc->ctrl_queue_cnt--; 10944 a_chk = chk; 10945 if (a_chk->data) { 10946 sctp_m_freem(a_chk->data); 10947 a_chk->data = NULL; 10948 } 10949 if (a_chk->whoTo) { 10950 sctp_free_remote_addr(a_chk->whoTo); 10951 a_chk->whoTo = NULL; 10952 } 10953 break; 10954 } 10955 } 10956 if (a_chk == NULL) { 10957 sctp_alloc_a_chunk(stcb, a_chk); 10958 if (a_chk == NULL) { 10959 /* No memory so we drop the idea, and set a timer */ 10960 if (stcb->asoc.delayed_ack) { 10961 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 10962 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); 10963 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 10964 stcb->sctp_ep, stcb, NULL); 10965 } else { 10966 stcb->asoc.send_sack = 1; 10967 } 10968 return; 10969 } 10970 a_chk->copy_by_ref = 0; 10971 a_chk->rec.chunk_id.id = type; 10972 a_chk->rec.chunk_id.can_take_data = 1; 10973 } 10974 /* Clear our pkt counts */ 10975 asoc->data_pkts_seen = 0; 10976 10977 a_chk->asoc = asoc; 10978 a_chk->snd_count = 0; 10979 a_chk->send_size = 0; /* fill in later */ 10980 a_chk->sent = SCTP_DATAGRAM_UNSENT; 10981 a_chk->whoTo = NULL; 10982 10983 if ((asoc->numduptsns) || 10984 (!(asoc->last_data_chunk_from->dest_state & SCTP_ADDR_REACHABLE))) { 10985 /*- 10986 * Ok, we have some duplicates or the destination for the 10987 * sack is unreachable, lets see if we can select an 10988 * alternate than asoc->last_data_chunk_from 10989 */ 10990 if ((asoc->last_data_chunk_from->dest_state & SCTP_ADDR_REACHABLE) && 10991 (asoc->used_alt_onsack > asoc->numnets)) { 10992 /* We used an alt last time, don't this time */ 10993 a_chk->whoTo = NULL; 10994 } else { 10995 asoc->used_alt_onsack++; 10996 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0); 10997 } 10998 if (a_chk->whoTo == NULL) { 10999 /* Nope, no alternate */ 11000 a_chk->whoTo = asoc->last_data_chunk_from; 11001 asoc->used_alt_onsack = 0; 11002 } 11003 } else { 11004 /* 11005 * No duplicates so we use the last place we received data 11006 * from. 11007 */ 11008 asoc->used_alt_onsack = 0; 11009 a_chk->whoTo = asoc->last_data_chunk_from; 11010 } 11011 if (a_chk->whoTo) { 11012 atomic_add_int(&a_chk->whoTo->ref_count, 1); 11013 } 11014 if (SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map)) { 11015 highest_tsn = asoc->highest_tsn_inside_map; 11016 } else { 11017 highest_tsn = asoc->highest_tsn_inside_nr_map; 11018 } 11019 if (highest_tsn == asoc->cumulative_tsn) { 11020 /* no gaps */ 11021 if (type == SCTP_SELECTIVE_ACK) { 11022 space_req = sizeof(struct sctp_sack_chunk); 11023 } else { 11024 space_req = sizeof(struct sctp_nr_sack_chunk); 11025 } 11026 } else { 11027 /* gaps get a cluster */ 11028 space_req = MCLBYTES; 11029 } 11030 /* Ok now lets formulate a MBUF with our sack */ 11031 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_NOWAIT, 1, MT_DATA); 11032 if ((a_chk->data == NULL) || 11033 (a_chk->whoTo == NULL)) { 11034 /* rats, no mbuf memory */ 11035 if (a_chk->data) { 11036 /* was a problem with the destination */ 11037 sctp_m_freem(a_chk->data); 11038 a_chk->data = NULL; 11039 } 11040 sctp_free_a_chunk(stcb, a_chk, so_locked); 11041 /* sa_ignore NO_NULL_CHK */ 11042 if (stcb->asoc.delayed_ack) { 11043 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 11044 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6); 11045 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 11046 stcb->sctp_ep, stcb, NULL); 11047 } else { 11048 stcb->asoc.send_sack = 1; 11049 } 11050 return; 11051 } 11052 /* ok, lets go through and fill it in */ 11053 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD); 11054 space = M_TRAILINGSPACE(a_chk->data); 11055 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) { 11056 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD); 11057 } 11058 limit = mtod(a_chk->data, caddr_t); 11059 limit += space; 11060 11061 flags = 0; 11062 11063 if ((asoc->sctp_cmt_on_off > 0) && 11064 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) { 11065 /*- 11066 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been 11067 * received, then set high bit to 1, else 0. Reset 11068 * pkts_rcvd. 11069 */ 11070 flags |= (asoc->cmt_dac_pkts_rcvd << 6); 11071 asoc->cmt_dac_pkts_rcvd = 0; 11072 } 11073#ifdef SCTP_ASOCLOG_OF_TSNS 11074 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn; 11075 stcb->asoc.cumack_log_atsnt++; 11076 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) { 11077 stcb->asoc.cumack_log_atsnt = 0; 11078 } 11079#endif 11080 /* reset the readers interpretation */ 11081 stcb->freed_by_sorcv_sincelast = 0; 11082 11083 if (type == SCTP_SELECTIVE_ACK) { 11084 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 11085 nr_sack = NULL; 11086 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk)); 11087 if (highest_tsn > asoc->mapping_array_base_tsn) { 11088 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 11089 } else { 11090 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8; 11091 } 11092 } else { 11093 sack = NULL; 11094 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *); 11095 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk)); 11096 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) { 11097 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 11098 } else { 11099 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8; 11100 } 11101 } 11102 11103 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) { 11104 offset = 1; 11105 } else { 11106 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 11107 } 11108 if (((type == SCTP_SELECTIVE_ACK) && 11109 SCTP_TSN_GT(highest_tsn, asoc->cumulative_tsn)) || 11110 ((type == SCTP_NR_SELECTIVE_ACK) && 11111 SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->cumulative_tsn))) { 11112 /* we have a gap .. maybe */ 11113 for (i = 0; i < siz; i++) { 11114 tsn_map = asoc->mapping_array[i]; 11115 if (type == SCTP_SELECTIVE_ACK) { 11116 tsn_map |= asoc->nr_mapping_array[i]; 11117 } 11118 if (i == 0) { 11119 /* 11120 * Clear all bits corresponding to TSNs 11121 * smaller or equal to the cumulative TSN. 11122 */ 11123 tsn_map &= (~0 << (1 - offset)); 11124 } 11125 selector = &sack_array[tsn_map]; 11126 if (mergeable && selector->right_edge) { 11127 /* 11128 * Backup, left and right edges were ok to 11129 * merge. 11130 */ 11131 num_gap_blocks--; 11132 gap_descriptor--; 11133 } 11134 if (selector->num_entries == 0) 11135 mergeable = 0; 11136 else { 11137 for (j = 0; j < selector->num_entries; j++) { 11138 if (mergeable && selector->right_edge) { 11139 /* 11140 * do a merge by NOT setting 11141 * the left side 11142 */ 11143 mergeable = 0; 11144 } else { 11145 /* 11146 * no merge, set the left 11147 * side 11148 */ 11149 mergeable = 0; 11150 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 11151 } 11152 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 11153 num_gap_blocks++; 11154 gap_descriptor++; 11155 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 11156 /* no more room */ 11157 limit_reached = 1; 11158 break; 11159 } 11160 } 11161 if (selector->left_edge) { 11162 mergeable = 1; 11163 } 11164 } 11165 if (limit_reached) { 11166 /* Reached the limit stop */ 11167 break; 11168 } 11169 offset += 8; 11170 } 11171 } 11172 if ((type == SCTP_NR_SELECTIVE_ACK) && 11173 (limit_reached == 0)) { 11174 11175 mergeable = 0; 11176 11177 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn) { 11178 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 11179 } else { 11180 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8; 11181 } 11182 11183 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) { 11184 offset = 1; 11185 } else { 11186 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 11187 } 11188 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn)) { 11189 /* we have a gap .. maybe */ 11190 for (i = 0; i < siz; i++) { 11191 tsn_map = asoc->nr_mapping_array[i]; 11192 if (i == 0) { 11193 /* 11194 * Clear all bits corresponding to TSNs 11195 * smaller or equal to the cumulative TSN. 11196 */ 11197 tsn_map &= (~0 << (1 - offset)); 11198 } 11199 selector = &sack_array[tsn_map]; 11200 if (mergeable && selector->right_edge) { 11201 /* 11202 * Backup, left and right edges were ok to 11203 * merge. 11204 */ 11205 num_nr_gap_blocks--; 11206 gap_descriptor--; 11207 } 11208 if (selector->num_entries == 0) 11209 mergeable = 0; 11210 else { 11211 for (j = 0; j < selector->num_entries; j++) { 11212 if (mergeable && selector->right_edge) { 11213 /* 11214 * do a merge by NOT setting 11215 * the left side 11216 */ 11217 mergeable = 0; 11218 } else { 11219 /* 11220 * no merge, set the left 11221 * side 11222 */ 11223 mergeable = 0; 11224 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 11225 } 11226 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 11227 num_nr_gap_blocks++; 11228 gap_descriptor++; 11229 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 11230 /* no more room */ 11231 limit_reached = 1; 11232 break; 11233 } 11234 } 11235 if (selector->left_edge) { 11236 mergeable = 1; 11237 } 11238 } 11239 if (limit_reached) { 11240 /* Reached the limit stop */ 11241 break; 11242 } 11243 offset += 8; 11244 } 11245 } 11246 } 11247 /* now we must add any dups we are going to report. */ 11248 if ((limit_reached == 0) && (asoc->numduptsns)) { 11249 dup = (uint32_t *) gap_descriptor; 11250 for (i = 0; i < asoc->numduptsns; i++) { 11251 *dup = htonl(asoc->dup_tsns[i]); 11252 dup++; 11253 num_dups++; 11254 if (((caddr_t)dup + sizeof(uint32_t)) > limit) { 11255 /* no more room */ 11256 break; 11257 } 11258 } 11259 asoc->numduptsns = 0; 11260 } 11261 /* 11262 * now that the chunk is prepared queue it to the control chunk 11263 * queue. 11264 */ 11265 if (type == SCTP_SELECTIVE_ACK) { 11266 a_chk->send_size = sizeof(struct sctp_sack_chunk) + 11267 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 11268 num_dups * sizeof(int32_t); 11269 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 11270 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 11271 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 11272 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 11273 sack->sack.num_dup_tsns = htons(num_dups); 11274 sack->ch.chunk_type = type; 11275 sack->ch.chunk_flags = flags; 11276 sack->ch.chunk_length = htons(a_chk->send_size); 11277 } else { 11278 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) + 11279 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 11280 num_dups * sizeof(int32_t); 11281 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 11282 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 11283 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd); 11284 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks); 11285 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks); 11286 nr_sack->nr_sack.num_dup_tsns = htons(num_dups); 11287 nr_sack->nr_sack.reserved = 0; 11288 nr_sack->ch.chunk_type = type; 11289 nr_sack->ch.chunk_flags = flags; 11290 nr_sack->ch.chunk_length = htons(a_chk->send_size); 11291 } 11292 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 11293 asoc->my_last_reported_rwnd = asoc->my_rwnd; 11294 asoc->ctrl_queue_cnt++; 11295 asoc->send_sack = 0; 11296 SCTP_STAT_INCR(sctps_sendsacks); 11297 return; 11298} 11299 11300void 11301sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked 11302#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 11303 SCTP_UNUSED 11304#endif 11305 ) 11306{ 11307 struct mbuf *m_abort, *m, *m_last; 11308 struct mbuf *m_out, *m_end = NULL; 11309 struct sctp_abort_chunk *abort; 11310 struct sctp_auth_chunk *auth = NULL; 11311 struct sctp_nets *net; 11312 uint32_t vtag; 11313 uint32_t auth_offset = 0; 11314 uint16_t cause_len, chunk_len, padding_len; 11315 11316#if defined(__APPLE__) 11317 if (so_locked) { 11318 sctp_lock_assert(SCTP_INP_SO(stcb->sctp_ep)); 11319 } else { 11320 sctp_unlock_assert(SCTP_INP_SO(stcb->sctp_ep)); 11321 } 11322#endif 11323 SCTP_TCB_LOCK_ASSERT(stcb); 11324 /*- 11325 * Add an AUTH chunk, if chunk requires it and save the offset into 11326 * the chain for AUTH 11327 */ 11328 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION, 11329 stcb->asoc.peer_auth_chunks)) { 11330 m_out = sctp_add_auth_chunk(NULL, &m_end, &auth, &auth_offset, 11331 stcb, SCTP_ABORT_ASSOCIATION); 11332 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11333 } else { 11334 m_out = NULL; 11335 } 11336 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_NOWAIT, 1, MT_HEADER); 11337 if (m_abort == NULL) { 11338 if (m_out) { 11339 sctp_m_freem(m_out); 11340 } 11341 if (operr) { 11342 sctp_m_freem(operr); 11343 } 11344 return; 11345 } 11346 /* link in any error */ 11347 SCTP_BUF_NEXT(m_abort) = operr; 11348 cause_len = 0; 11349 m_last = NULL; 11350 for (m = operr; m; m = SCTP_BUF_NEXT(m)) { 11351 cause_len += (uint16_t)SCTP_BUF_LEN(m); 11352 if (SCTP_BUF_NEXT(m) == NULL) { 11353 m_last = m; 11354 } 11355 } 11356 SCTP_BUF_LEN(m_abort) = sizeof(struct sctp_abort_chunk); 11357 chunk_len = (uint16_t)sizeof(struct sctp_abort_chunk) + cause_len; 11358 padding_len = SCTP_SIZE32(chunk_len) - chunk_len; 11359 if (m_out == NULL) { 11360 /* NO Auth chunk prepended, so reserve space in front */ 11361 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD); 11362 m_out = m_abort; 11363 } else { 11364 /* Put AUTH chunk at the front of the chain */ 11365 SCTP_BUF_NEXT(m_end) = m_abort; 11366 } 11367 if (stcb->asoc.alternate) { 11368 net = stcb->asoc.alternate; 11369 } else { 11370 net = stcb->asoc.primary_destination; 11371 } 11372 /* Fill in the ABORT chunk header. */ 11373 abort = mtod(m_abort, struct sctp_abort_chunk *); 11374 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION; 11375 if (stcb->asoc.peer_vtag == 0) { 11376 /* This happens iff the assoc is in COOKIE-WAIT state. */ 11377 vtag = stcb->asoc.my_vtag; 11378 abort->ch.chunk_flags = SCTP_HAD_NO_TCB; 11379 } else { 11380 vtag = stcb->asoc.peer_vtag; 11381 abort->ch.chunk_flags = 0; 11382 } 11383 abort->ch.chunk_length = htons(chunk_len); 11384 /* Add padding, if necessary. */ 11385 if (padding_len > 0) { 11386 if ((m_last == NULL) || 11387 (sctp_add_pad_tombuf(m_last, padding_len) == NULL)) { 11388 sctp_m_freem(m_out); 11389 return; 11390 } 11391 } 11392 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 11393 (struct sockaddr *)&net->ro._l_addr, 11394 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, 0, 11395 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(vtag), 11396 stcb->asoc.primary_destination->port, NULL, 11397#if defined(__FreeBSD__) 11398 0, 0, 11399#endif 11400 so_locked); 11401 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11402} 11403 11404void 11405sctp_send_shutdown_complete(struct sctp_tcb *stcb, 11406 struct sctp_nets *net, 11407 int reflect_vtag) 11408{ 11409 /* formulate and SEND a SHUTDOWN-COMPLETE */ 11410 struct mbuf *m_shutdown_comp; 11411 struct sctp_shutdown_complete_chunk *shutdown_complete; 11412 uint32_t vtag; 11413 uint8_t flags; 11414 11415 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_NOWAIT, 1, MT_HEADER); 11416 if (m_shutdown_comp == NULL) { 11417 /* no mbuf's */ 11418 return; 11419 } 11420 if (reflect_vtag) { 11421 flags = SCTP_HAD_NO_TCB; 11422 vtag = stcb->asoc.my_vtag; 11423 } else { 11424 flags = 0; 11425 vtag = stcb->asoc.peer_vtag; 11426 } 11427 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *); 11428 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 11429 shutdown_complete->ch.chunk_flags = flags; 11430 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 11431 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk); 11432 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 11433 (struct sockaddr *)&net->ro._l_addr, 11434 m_shutdown_comp, 0, NULL, 0, 1, 0, 0, 11435 stcb->sctp_ep->sctp_lport, stcb->rport, 11436 htonl(vtag), 11437 net->port, NULL, 11438#if defined(__FreeBSD__) 11439 0, 0, 11440#endif 11441 SCTP_SO_NOT_LOCKED); 11442 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11443 return; 11444} 11445 11446#if defined(__FreeBSD__) 11447static void 11448sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst, 11449 struct sctphdr *sh, uint32_t vtag, 11450 uint8_t type, struct mbuf *cause, 11451 uint8_t use_mflowid, uint32_t mflowid, 11452 uint32_t vrf_id, uint16_t port) 11453#else 11454static void 11455sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst, 11456 struct sctphdr *sh, uint32_t vtag, 11457 uint8_t type, struct mbuf *cause, 11458 uint32_t vrf_id SCTP_UNUSED, uint16_t port) 11459#endif 11460{ 11461#ifdef __Panda__ 11462 pakhandle_type o_pak; 11463#else 11464 struct mbuf *o_pak; 11465#endif 11466 struct mbuf *mout; 11467 struct sctphdr *shout; 11468 struct sctp_chunkhdr *ch; 11469#if defined(INET) || defined(INET6) 11470 struct udphdr *udp; 11471 int ret; 11472#endif 11473 int len, cause_len, padding_len; 11474#ifdef INET 11475#if defined(__APPLE__) || defined(__Panda__) 11476 sctp_route_t ro; 11477#endif 11478 struct sockaddr_in *src_sin, *dst_sin; 11479 struct ip *ip; 11480#endif 11481#ifdef INET6 11482 struct sockaddr_in6 *src_sin6, *dst_sin6; 11483 struct ip6_hdr *ip6; 11484#endif 11485 11486 /* Compute the length of the cause and add final padding. */ 11487 cause_len = 0; 11488 if (cause != NULL) { 11489 struct mbuf *m_at, *m_last = NULL; 11490 11491 for (m_at = cause; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 11492 if (SCTP_BUF_NEXT(m_at) == NULL) 11493 m_last = m_at; 11494 cause_len += SCTP_BUF_LEN(m_at); 11495 } 11496 padding_len = cause_len % 4; 11497 if (padding_len != 0) { 11498 padding_len = 4 - padding_len; 11499 } 11500 if (padding_len != 0) { 11501 if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) { 11502 sctp_m_freem(cause); 11503 return; 11504 } 11505 } 11506 } else { 11507 padding_len = 0; 11508 } 11509 /* Get an mbuf for the header. */ 11510 len = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 11511 switch (dst->sa_family) { 11512#ifdef INET 11513 case AF_INET: 11514 len += sizeof(struct ip); 11515 break; 11516#endif 11517#ifdef INET6 11518 case AF_INET6: 11519 len += sizeof(struct ip6_hdr); 11520 break; 11521#endif 11522 default: 11523 break; 11524 } 11525#if defined(INET) || defined(INET6) 11526 if (port) { 11527 len += sizeof(struct udphdr); 11528 } 11529#endif 11530#if defined(__APPLE__) 11531#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 11532 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_NOWAIT, 1, MT_DATA); 11533#else 11534 mout = sctp_get_mbuf_for_msg(len + SCTP_MAX_LINKHDR, 1, M_NOWAIT, 1, MT_DATA); 11535#endif 11536#else 11537 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_NOWAIT, 1, MT_DATA); 11538#endif 11539 if (mout == NULL) { 11540 if (cause) { 11541 sctp_m_freem(cause); 11542 } 11543 return; 11544 } 11545#if defined(__APPLE__) 11546#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 11547 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11548#else 11549 SCTP_BUF_RESV_UF(mout, SCTP_MAX_LINKHDR); 11550#endif 11551#else 11552 SCTP_BUF_RESV_UF(mout, max_linkhdr); 11553#endif 11554 SCTP_BUF_LEN(mout) = len; 11555 SCTP_BUF_NEXT(mout) = cause; 11556#if defined(__FreeBSD__) 11557 if (use_mflowid != 0) { 11558 mout->m_pkthdr.flowid = mflowid; 11559 mout->m_flags |= M_FLOWID; 11560 } 11561#endif 11562#ifdef INET 11563 ip = NULL; 11564#endif 11565#ifdef INET6 11566 ip6 = NULL; 11567#endif 11568 switch (dst->sa_family) { 11569#ifdef INET 11570 case AF_INET: 11571 src_sin = (struct sockaddr_in *)src; 11572 dst_sin = (struct sockaddr_in *)dst; 11573 ip = mtod(mout, struct ip *); 11574 ip->ip_v = IPVERSION; 11575 ip->ip_hl = (sizeof(struct ip) >> 2); 11576 ip->ip_tos = 0; 11577#if defined(__FreeBSD__) 11578 ip->ip_id = ip_newid(); 11579#elif defined(__APPLE__) 11580#if RANDOM_IP_ID 11581 ip->ip_id = ip_randomid(); 11582#else 11583 ip->ip_id = htons(ip_id++); 11584#endif 11585#else 11586 ip->ip_id = htons(ip_id++); 11587#endif 11588 ip->ip_off = 0; 11589 ip->ip_ttl = MODULE_GLOBAL(ip_defttl); 11590 if (port) { 11591 ip->ip_p = IPPROTO_UDP; 11592 } else { 11593 ip->ip_p = IPPROTO_SCTP; 11594 } 11595 ip->ip_src.s_addr = dst_sin->sin_addr.s_addr; 11596 ip->ip_dst.s_addr = src_sin->sin_addr.s_addr; 11597 ip->ip_sum = 0; 11598 len = sizeof(struct ip); 11599 shout = (struct sctphdr *)((caddr_t)ip + len); 11600 break; 11601#endif 11602#ifdef INET6 11603 case AF_INET6: 11604 src_sin6 = (struct sockaddr_in6 *)src; 11605 dst_sin6 = (struct sockaddr_in6 *)dst; 11606 ip6 = mtod(mout, struct ip6_hdr *); 11607 ip6->ip6_flow = htonl(0x60000000); 11608#if defined(__FreeBSD__) 11609 if (V_ip6_auto_flowlabel) { 11610 ip6->ip6_flow |= (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); 11611 } 11612#endif 11613#if defined(__Userspace__) 11614 ip6->ip6_hlim = IPv6_HOP_LIMIT; 11615#else 11616 ip6->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11617#endif 11618 if (port) { 11619 ip6->ip6_nxt = IPPROTO_UDP; 11620 } else { 11621 ip6->ip6_nxt = IPPROTO_SCTP; 11622 } 11623 ip6->ip6_src = dst_sin6->sin6_addr; 11624 ip6->ip6_dst = src_sin6->sin6_addr; 11625 len = sizeof(struct ip6_hdr); 11626 shout = (struct sctphdr *)((caddr_t)ip6 + len); 11627 break; 11628#endif 11629 default: 11630 len = 0; 11631 shout = mtod(mout, struct sctphdr *); 11632 break; 11633 } 11634#if defined(INET) || defined(INET6) 11635 if (port) { 11636 if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) { 11637 sctp_m_freem(mout); 11638 return; 11639 } 11640 udp = (struct udphdr *)shout; 11641 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11642 udp->uh_dport = port; 11643 udp->uh_sum = 0; 11644 udp->uh_ulen = htons(sizeof(struct udphdr) + 11645 sizeof(struct sctphdr) + 11646 sizeof(struct sctp_chunkhdr) + 11647 cause_len + padding_len); 11648 len += sizeof(struct udphdr); 11649 shout = (struct sctphdr *)((caddr_t)shout + sizeof(struct udphdr)); 11650 } else { 11651 udp = NULL; 11652 } 11653#endif 11654 shout->src_port = sh->dest_port; 11655 shout->dest_port = sh->src_port; 11656 shout->checksum = 0; 11657 if (vtag) { 11658 shout->v_tag = htonl(vtag); 11659 } else { 11660 shout->v_tag = sh->v_tag; 11661 } 11662 len += sizeof(struct sctphdr); 11663 ch = (struct sctp_chunkhdr *)((caddr_t)shout + sizeof(struct sctphdr)); 11664 ch->chunk_type = type; 11665 if (vtag) { 11666 ch->chunk_flags = 0; 11667 } else { 11668 ch->chunk_flags = SCTP_HAD_NO_TCB; 11669 } 11670 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len); 11671 len += sizeof(struct sctp_chunkhdr); 11672 len += cause_len + padding_len; 11673 11674 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11675 sctp_m_freem(mout); 11676 return; 11677 } 11678 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11679 switch (dst->sa_family) { 11680#ifdef INET 11681 case AF_INET: 11682#if defined(__APPLE__) || defined(__Panda__) 11683 /* zap the stack pointer to the route */ 11684 bzero(&ro, sizeof(sctp_route_t)); 11685#if defined(__Panda__) 11686 ro._l_addr.sa.sa_family = AF_INET; 11687#endif 11688#endif 11689 if (port) { 11690#if !defined(__Windows__) && !defined(__Userspace__) 11691#if defined(__FreeBSD__) && ((__FreeBSD_version > 803000 && __FreeBSD_version < 900000) || __FreeBSD_version > 900000) 11692 if (V_udp_cksum) { 11693 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11694 } else { 11695 udp->uh_sum = 0; 11696 } 11697#else 11698 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11699#endif 11700#else 11701 udp->uh_sum = 0; 11702#endif 11703 } 11704#if defined(__FreeBSD__) 11705#if __FreeBSD_version >= 1000000 11706 ip->ip_len = htons(len); 11707#else 11708 ip->ip_len = len; 11709#endif 11710#elif defined(__APPLE__) || defined(__Userspace__) 11711 ip->ip_len = len; 11712#else 11713 ip->ip_len = htons(len); 11714#endif 11715 if (port) { 11716#if defined(SCTP_WITH_NO_CSUM) 11717 SCTP_STAT_INCR(sctps_sendnocrc); 11718#else 11719 shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip) + sizeof(struct udphdr)); 11720 SCTP_STAT_INCR(sctps_sendswcrc); 11721#endif 11722#if defined(__FreeBSD__) && ((__FreeBSD_version > 803000 && __FreeBSD_version < 900000) || __FreeBSD_version > 900000) 11723 if (V_udp_cksum) { 11724 SCTP_ENABLE_UDP_CSUM(o_pak); 11725 } 11726#else 11727 SCTP_ENABLE_UDP_CSUM(o_pak); 11728#endif 11729 } else { 11730#if defined(SCTP_WITH_NO_CSUM) 11731 SCTP_STAT_INCR(sctps_sendnocrc); 11732#else 11733#if defined(__FreeBSD__) && __FreeBSD_version >= 800000 11734 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11735 mout->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 11736 SCTP_STAT_INCR(sctps_sendhwcrc); 11737#else 11738 shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip)); 11739 SCTP_STAT_INCR(sctps_sendswcrc); 11740#endif 11741#endif 11742 } 11743#ifdef SCTP_PACKET_LOGGING 11744 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { 11745 sctp_packet_log(o_pak); 11746 } 11747#endif 11748#if defined(__APPLE__) || defined(__Panda__) 11749 SCTP_IP_OUTPUT(ret, o_pak, &ro, NULL, vrf_id); 11750 /* Free the route if we got one back */ 11751 if (ro.ro_rt) { 11752 RTFREE(ro.ro_rt); 11753 ro.ro_rt = NULL; 11754 } 11755#else 11756 SCTP_IP_OUTPUT(ret, o_pak, NULL, NULL, vrf_id); 11757#endif 11758 break; 11759#endif 11760#ifdef INET6 11761 case AF_INET6: 11762 ip6->ip6_plen = len - sizeof(struct ip6_hdr); 11763 if (port) { 11764#if defined(SCTP_WITH_NO_CSUM) 11765 SCTP_STAT_INCR(sctps_sendnocrc); 11766#else 11767 shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11768 SCTP_STAT_INCR(sctps_sendswcrc); 11769#endif 11770#if defined(__Windows__) 11771 udp->uh_sum = 0; 11772#elif !defined(__Userspace__) 11773 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11774 udp->uh_sum = 0xffff; 11775 } 11776#endif 11777 } else { 11778#if defined(SCTP_WITH_NO_CSUM) 11779 SCTP_STAT_INCR(sctps_sendnocrc); 11780#else 11781#if defined(__FreeBSD__) && __FreeBSD_version >= 900000 11782#if __FreeBSD_version > 901000 11783 mout->m_pkthdr.csum_flags = CSUM_SCTP_IPV6; 11784#else 11785 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11786#endif 11787 mout->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 11788 SCTP_STAT_INCR(sctps_sendhwcrc); 11789#else 11790 shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr)); 11791 SCTP_STAT_INCR(sctps_sendswcrc); 11792#endif 11793#endif 11794 } 11795#ifdef SCTP_PACKET_LOGGING 11796 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { 11797 sctp_packet_log(o_pak); 11798 } 11799#endif 11800 SCTP_IP6_OUTPUT(ret, o_pak, NULL, NULL, NULL, vrf_id); 11801 break; 11802#endif 11803#if defined(__Userspace__) 11804 case AF_CONN: 11805 { 11806 char *buffer; 11807 struct sockaddr_conn *sconn; 11808 11809 sconn = (struct sockaddr_conn *)src; 11810#if defined(SCTP_WITH_NO_CSUM) 11811 SCTP_STAT_INCR(sctps_sendnocrc); 11812#else 11813 shout->checksum = sctp_calculate_cksum(mout, 0); 11814 SCTP_STAT_INCR(sctps_sendswcrc); 11815#endif 11816#ifdef SCTP_PACKET_LOGGING 11817 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { 11818 sctp_packet_log(mout); 11819 } 11820#endif 11821 /* Don't alloc/free for each packet */ 11822 if ((buffer = malloc(len)) != NULL) { 11823 m_copydata(mout, 0, len, buffer); 11824 SCTP_BASE_VAR(conn_output)(sconn->sconn_addr, buffer, len, 0, 0); 11825 free(buffer); 11826 } 11827 sctp_m_freem(mout); 11828 break; 11829 } 11830#endif 11831 default: 11832 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 11833 dst->sa_family); 11834 sctp_m_freem(mout); 11835 SCTP_LTRACE_ERR_RET_PKT(mout, NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 11836 return; 11837 } 11838 SCTP_STAT_INCR(sctps_sendpackets); 11839 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11840 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11841 return; 11842} 11843 11844void 11845sctp_send_shutdown_complete2(struct sockaddr *src, struct sockaddr *dst, 11846 struct sctphdr *sh, 11847#if defined(__FreeBSD__) 11848 uint8_t use_mflowid, uint32_t mflowid, 11849#endif 11850 uint32_t vrf_id, uint16_t port) 11851{ 11852 sctp_send_resp_msg(src, dst, sh, 0, SCTP_SHUTDOWN_COMPLETE, NULL, 11853#if defined(__FreeBSD__) 11854 use_mflowid, mflowid, 11855#endif 11856 vrf_id, port); 11857} 11858 11859void 11860sctp_send_hb(struct sctp_tcb *stcb, struct sctp_nets *net,int so_locked 11861#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 11862 SCTP_UNUSED 11863#endif 11864) 11865{ 11866 struct sctp_tmit_chunk *chk; 11867 struct sctp_heartbeat_chunk *hb; 11868 struct timeval now; 11869 11870 SCTP_TCB_LOCK_ASSERT(stcb); 11871 if (net == NULL) { 11872 return; 11873 } 11874 (void)SCTP_GETTIME_TIMEVAL(&now); 11875 switch (net->ro._l_addr.sa.sa_family) { 11876#ifdef INET 11877 case AF_INET: 11878 break; 11879#endif 11880#ifdef INET6 11881 case AF_INET6: 11882 break; 11883#endif 11884#if defined(__Userspace__) 11885 case AF_CONN: 11886 break; 11887#endif 11888 default: 11889 return; 11890 } 11891 sctp_alloc_a_chunk(stcb, chk); 11892 if (chk == NULL) { 11893 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n"); 11894 return; 11895 } 11896 11897 chk->copy_by_ref = 0; 11898 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST; 11899 chk->rec.chunk_id.can_take_data = 1; 11900 chk->asoc = &stcb->asoc; 11901 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 11902 11903 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER); 11904 if (chk->data == NULL) { 11905 sctp_free_a_chunk(stcb, chk, so_locked); 11906 return; 11907 } 11908 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11909 SCTP_BUF_LEN(chk->data) = chk->send_size; 11910 chk->sent = SCTP_DATAGRAM_UNSENT; 11911 chk->snd_count = 0; 11912 chk->whoTo = net; 11913 atomic_add_int(&chk->whoTo->ref_count, 1); 11914 /* Now we have a mbuf that we can fill in with the details */ 11915 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 11916 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk)); 11917 /* fill out chunk header */ 11918 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 11919 hb->ch.chunk_flags = 0; 11920 hb->ch.chunk_length = htons(chk->send_size); 11921 /* Fill out hb parameter */ 11922 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 11923 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 11924 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 11925 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 11926 /* Did our user request this one, put it in */ 11927 hb->heartbeat.hb_info.addr_family = net->ro._l_addr.sa.sa_family; 11928#ifdef HAVE_SA_LEN 11929 hb->heartbeat.hb_info.addr_len = net->ro._l_addr.sa.sa_len; 11930#else 11931 switch (net->ro._l_addr.sa.sa_family) { 11932#ifdef INET 11933 case AF_INET: 11934 hb->heartbeat.hb_info.addr_len = sizeof(struct sockaddr_in); 11935 break; 11936#endif 11937#ifdef INET6 11938 case AF_INET6: 11939 hb->heartbeat.hb_info.addr_len = sizeof(struct sockaddr_in6); 11940 break; 11941#endif 11942#if defined(__Userspace__) 11943 case AF_CONN: 11944 hb->heartbeat.hb_info.addr_len = sizeof(struct sockaddr_conn); 11945 break; 11946#endif 11947 default: 11948 hb->heartbeat.hb_info.addr_len = 0; 11949 break; 11950 } 11951#endif 11952 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 11953 /* 11954 * we only take from the entropy pool if the address is not 11955 * confirmed. 11956 */ 11957 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 11958 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 11959 } else { 11960 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 11961 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 11962 } 11963 switch (net->ro._l_addr.sa.sa_family) { 11964#ifdef INET 11965 case AF_INET: 11966 memcpy(hb->heartbeat.hb_info.address, 11967 &net->ro._l_addr.sin.sin_addr, 11968 sizeof(net->ro._l_addr.sin.sin_addr)); 11969 break; 11970#endif 11971#ifdef INET6 11972 case AF_INET6: 11973 memcpy(hb->heartbeat.hb_info.address, 11974 &net->ro._l_addr.sin6.sin6_addr, 11975 sizeof(net->ro._l_addr.sin6.sin6_addr)); 11976 break; 11977#endif 11978#if defined(__Userspace__) 11979 case AF_CONN: 11980 memcpy(hb->heartbeat.hb_info.address, 11981 &net->ro._l_addr.sconn.sconn_addr, 11982 sizeof(net->ro._l_addr.sconn.sconn_addr)); 11983 break; 11984#endif 11985 default: 11986 return; 11987 break; 11988 } 11989 net->hb_responded = 0; 11990 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11991 stcb->asoc.ctrl_queue_cnt++; 11992 SCTP_STAT_INCR(sctps_sendheartbeat); 11993 return; 11994} 11995 11996void 11997sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 11998 uint32_t high_tsn) 11999{ 12000 struct sctp_association *asoc; 12001 struct sctp_ecne_chunk *ecne; 12002 struct sctp_tmit_chunk *chk; 12003 12004 if (net == NULL) { 12005 return; 12006 } 12007 asoc = &stcb->asoc; 12008 SCTP_TCB_LOCK_ASSERT(stcb); 12009 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 12010 if ((chk->rec.chunk_id.id == SCTP_ECN_ECHO) && (net == chk->whoTo)) { 12011 /* found a previous ECN_ECHO update it if needed */ 12012 uint32_t cnt, ctsn; 12013 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 12014 ctsn = ntohl(ecne->tsn); 12015 if (SCTP_TSN_GT(high_tsn, ctsn)) { 12016 ecne->tsn = htonl(high_tsn); 12017 SCTP_STAT_INCR(sctps_queue_upd_ecne); 12018 } 12019 cnt = ntohl(ecne->num_pkts_since_cwr); 12020 cnt++; 12021 ecne->num_pkts_since_cwr = htonl(cnt); 12022 return; 12023 } 12024 } 12025 /* nope could not find one to update so we must build one */ 12026 sctp_alloc_a_chunk(stcb, chk); 12027 if (chk == NULL) { 12028 return; 12029 } 12030 chk->copy_by_ref = 0; 12031 SCTP_STAT_INCR(sctps_queue_upd_ecne); 12032 chk->rec.chunk_id.id = SCTP_ECN_ECHO; 12033 chk->rec.chunk_id.can_take_data = 0; 12034 chk->asoc = &stcb->asoc; 12035 chk->send_size = sizeof(struct sctp_ecne_chunk); 12036 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER); 12037 if (chk->data == NULL) { 12038 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 12039 return; 12040 } 12041 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 12042 SCTP_BUF_LEN(chk->data) = chk->send_size; 12043 chk->sent = SCTP_DATAGRAM_UNSENT; 12044 chk->snd_count = 0; 12045 chk->whoTo = net; 12046 atomic_add_int(&chk->whoTo->ref_count, 1); 12047 12048 stcb->asoc.ecn_echo_cnt_onq++; 12049 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 12050 ecne->ch.chunk_type = SCTP_ECN_ECHO; 12051 ecne->ch.chunk_flags = 0; 12052 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 12053 ecne->tsn = htonl(high_tsn); 12054 ecne->num_pkts_since_cwr = htonl(1); 12055 TAILQ_INSERT_HEAD(&stcb->asoc.control_send_queue, chk, sctp_next); 12056 asoc->ctrl_queue_cnt++; 12057} 12058 12059void 12060sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 12061 struct mbuf *m, int len, int iphlen, int bad_crc) 12062{ 12063 struct sctp_association *asoc; 12064 struct sctp_pktdrop_chunk *drp; 12065 struct sctp_tmit_chunk *chk; 12066 uint8_t *datap; 12067 int was_trunc = 0; 12068 int fullsz = 0; 12069 long spc; 12070 int offset; 12071 struct sctp_chunkhdr *ch, chunk_buf; 12072 unsigned int chk_length; 12073 12074 if (!stcb) { 12075 return; 12076 } 12077 asoc = &stcb->asoc; 12078 SCTP_TCB_LOCK_ASSERT(stcb); 12079 if (asoc->pktdrop_supported == 0) { 12080 /*- 12081 * peer must declare support before I send one. 12082 */ 12083 return; 12084 } 12085 if (stcb->sctp_socket == NULL) { 12086 return; 12087 } 12088 sctp_alloc_a_chunk(stcb, chk); 12089 if (chk == NULL) { 12090 return; 12091 } 12092 chk->copy_by_ref = 0; 12093 len -= iphlen; 12094 chk->send_size = len; 12095 /* Validate that we do not have an ABORT in here. */ 12096 offset = iphlen + sizeof(struct sctphdr); 12097 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 12098 sizeof(*ch), (uint8_t *) & chunk_buf); 12099 while (ch != NULL) { 12100 chk_length = ntohs(ch->chunk_length); 12101 if (chk_length < sizeof(*ch)) { 12102 /* break to abort land */ 12103 break; 12104 } 12105 switch (ch->chunk_type) { 12106 case SCTP_PACKET_DROPPED: 12107 case SCTP_ABORT_ASSOCIATION: 12108 case SCTP_INITIATION_ACK: 12109 /** 12110 * We don't respond with an PKT-DROP to an ABORT 12111 * or PKT-DROP. We also do not respond to an 12112 * INIT-ACK, because we can't know if the initiation 12113 * tag is correct or not. 12114 */ 12115 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 12116 return; 12117 default: 12118 break; 12119 } 12120 offset += SCTP_SIZE32(chk_length); 12121 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 12122 sizeof(*ch), (uint8_t *) & chunk_buf); 12123 } 12124 12125 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) > 12126 min(stcb->asoc.smallest_mtu, MCLBYTES)) { 12127 /* only send 1 mtu worth, trim off the 12128 * excess on the end. 12129 */ 12130 fullsz = len; 12131 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD; 12132 was_trunc = 1; 12133 } 12134 chk->asoc = &stcb->asoc; 12135 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 12136 if (chk->data == NULL) { 12137jump_out: 12138 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 12139 return; 12140 } 12141 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 12142 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 12143 if (drp == NULL) { 12144 sctp_m_freem(chk->data); 12145 chk->data = NULL; 12146 goto jump_out; 12147 } 12148 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 12149 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD)); 12150 chk->book_size_scale = 0; 12151 if (was_trunc) { 12152 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 12153 drp->trunc_len = htons(fullsz); 12154 /* Len is already adjusted to size minus overhead above 12155 * take out the pkt_drop chunk itself from it. 12156 */ 12157 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk); 12158 len = chk->send_size; 12159 } else { 12160 /* no truncation needed */ 12161 drp->ch.chunk_flags = 0; 12162 drp->trunc_len = htons(0); 12163 } 12164 if (bad_crc) { 12165 drp->ch.chunk_flags |= SCTP_BADCRC; 12166 } 12167 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 12168 SCTP_BUF_LEN(chk->data) = chk->send_size; 12169 chk->sent = SCTP_DATAGRAM_UNSENT; 12170 chk->snd_count = 0; 12171 if (net) { 12172 /* we should hit here */ 12173 chk->whoTo = net; 12174 atomic_add_int(&chk->whoTo->ref_count, 1); 12175 } else { 12176 chk->whoTo = NULL; 12177 } 12178 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED; 12179 chk->rec.chunk_id.can_take_data = 1; 12180 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 12181 drp->ch.chunk_length = htons(chk->send_size); 12182 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket); 12183 if (spc < 0) { 12184 spc = 0; 12185 } 12186 drp->bottle_bw = htonl(spc); 12187 if (asoc->my_rwnd) { 12188 drp->current_onq = htonl(asoc->size_on_reasm_queue + 12189 asoc->size_on_all_streams + 12190 asoc->my_rwnd_control_len + 12191 stcb->sctp_socket->so_rcv.sb_cc); 12192 } else { 12193 /*- 12194 * If my rwnd is 0, possibly from mbuf depletion as well as 12195 * space used, tell the peer there is NO space aka onq == bw 12196 */ 12197 drp->current_onq = htonl(spc); 12198 } 12199 drp->reserved = 0; 12200 datap = drp->data; 12201 m_copydata(m, iphlen, len, (caddr_t)datap); 12202 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 12203 asoc->ctrl_queue_cnt++; 12204} 12205 12206void 12207sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn, uint8_t override) 12208{ 12209 struct sctp_association *asoc; 12210 struct sctp_cwr_chunk *cwr; 12211 struct sctp_tmit_chunk *chk; 12212 12213 SCTP_TCB_LOCK_ASSERT(stcb); 12214 if (net == NULL) { 12215 return; 12216 } 12217 asoc = &stcb->asoc; 12218 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 12219 if ((chk->rec.chunk_id.id == SCTP_ECN_CWR) && (net == chk->whoTo)) { 12220 /* found a previous CWR queued to same destination update it if needed */ 12221 uint32_t ctsn; 12222 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 12223 ctsn = ntohl(cwr->tsn); 12224 if (SCTP_TSN_GT(high_tsn, ctsn)) { 12225 cwr->tsn = htonl(high_tsn); 12226 } 12227 if (override & SCTP_CWR_REDUCE_OVERRIDE) { 12228 /* Make sure override is carried */ 12229 cwr->ch.chunk_flags |= SCTP_CWR_REDUCE_OVERRIDE; 12230 } 12231 return; 12232 } 12233 } 12234 sctp_alloc_a_chunk(stcb, chk); 12235 if (chk == NULL) { 12236 return; 12237 } 12238 chk->copy_by_ref = 0; 12239 chk->rec.chunk_id.id = SCTP_ECN_CWR; 12240 chk->rec.chunk_id.can_take_data = 1; 12241 chk->asoc = &stcb->asoc; 12242 chk->send_size = sizeof(struct sctp_cwr_chunk); 12243 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER); 12244 if (chk->data == NULL) { 12245 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 12246 return; 12247 } 12248 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 12249 SCTP_BUF_LEN(chk->data) = chk->send_size; 12250 chk->sent = SCTP_DATAGRAM_UNSENT; 12251 chk->snd_count = 0; 12252 chk->whoTo = net; 12253 atomic_add_int(&chk->whoTo->ref_count, 1); 12254 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 12255 cwr->ch.chunk_type = SCTP_ECN_CWR; 12256 cwr->ch.chunk_flags = override; 12257 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 12258 cwr->tsn = htonl(high_tsn); 12259 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 12260 asoc->ctrl_queue_cnt++; 12261} 12262 12263void 12264sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk, 12265 int number_entries, uint16_t * list, 12266 uint32_t seq, uint32_t resp_seq, uint32_t last_sent) 12267{ 12268 uint16_t len, old_len, i; 12269 struct sctp_stream_reset_out_request *req_out; 12270 struct sctp_chunkhdr *ch; 12271 12272 ch = mtod(chk->data, struct sctp_chunkhdr *); 12273 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12274 12275 /* get to new offset for the param. */ 12276 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len); 12277 /* now how long will this param be? */ 12278 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries)); 12279 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST); 12280 req_out->ph.param_length = htons(len); 12281 req_out->request_seq = htonl(seq); 12282 req_out->response_seq = htonl(resp_seq); 12283 req_out->send_reset_at_tsn = htonl(last_sent); 12284 if (number_entries) { 12285 for (i = 0; i < number_entries; i++) { 12286 req_out->list_of_streams[i] = htons(list[i]); 12287 } 12288 } 12289 if (SCTP_SIZE32(len) > len) { 12290 /*- 12291 * Need to worry about the pad we may end up adding to the 12292 * end. This is easy since the struct is either aligned to 4 12293 * bytes or 2 bytes off. 12294 */ 12295 req_out->list_of_streams[number_entries] = 0; 12296 } 12297 /* now fix the chunk length */ 12298 ch->chunk_length = htons(len + old_len); 12299 chk->book_size = len + old_len; 12300 chk->book_size_scale = 0; 12301 chk->send_size = SCTP_SIZE32(chk->book_size); 12302 SCTP_BUF_LEN(chk->data) = chk->send_size; 12303 return; 12304} 12305 12306static void 12307sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk, 12308 int number_entries, uint16_t *list, 12309 uint32_t seq) 12310{ 12311 uint16_t len, old_len, i; 12312 struct sctp_stream_reset_in_request *req_in; 12313 struct sctp_chunkhdr *ch; 12314 12315 ch = mtod(chk->data, struct sctp_chunkhdr *); 12316 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12317 12318 /* get to new offset for the param. */ 12319 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len); 12320 /* now how long will this param be? */ 12321 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries)); 12322 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST); 12323 req_in->ph.param_length = htons(len); 12324 req_in->request_seq = htonl(seq); 12325 if (number_entries) { 12326 for (i = 0; i < number_entries; i++) { 12327 req_in->list_of_streams[i] = htons(list[i]); 12328 } 12329 } 12330 if (SCTP_SIZE32(len) > len) { 12331 /*- 12332 * Need to worry about the pad we may end up adding to the 12333 * end. This is easy since the struct is either aligned to 4 12334 * bytes or 2 bytes off. 12335 */ 12336 req_in->list_of_streams[number_entries] = 0; 12337 } 12338 /* now fix the chunk length */ 12339 ch->chunk_length = htons(len + old_len); 12340 chk->book_size = len + old_len; 12341 chk->book_size_scale = 0; 12342 chk->send_size = SCTP_SIZE32(chk->book_size); 12343 SCTP_BUF_LEN(chk->data) = chk->send_size; 12344 return; 12345} 12346 12347static void 12348sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk, 12349 uint32_t seq) 12350{ 12351 uint16_t len, old_len; 12352 struct sctp_stream_reset_tsn_request *req_tsn; 12353 struct sctp_chunkhdr *ch; 12354 12355 ch = mtod(chk->data, struct sctp_chunkhdr *); 12356 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12357 12358 /* get to new offset for the param. */ 12359 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len); 12360 /* now how long will this param be? */ 12361 len = sizeof(struct sctp_stream_reset_tsn_request); 12362 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST); 12363 req_tsn->ph.param_length = htons(len); 12364 req_tsn->request_seq = htonl(seq); 12365 12366 /* now fix the chunk length */ 12367 ch->chunk_length = htons(len + old_len); 12368 chk->send_size = len + old_len; 12369 chk->book_size = SCTP_SIZE32(chk->send_size); 12370 chk->book_size_scale = 0; 12371 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 12372 return; 12373} 12374 12375void 12376sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk, 12377 uint32_t resp_seq, uint32_t result) 12378{ 12379 uint16_t len, old_len; 12380 struct sctp_stream_reset_response *resp; 12381 struct sctp_chunkhdr *ch; 12382 12383 ch = mtod(chk->data, struct sctp_chunkhdr *); 12384 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12385 12386 /* get to new offset for the param. */ 12387 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len); 12388 /* now how long will this param be? */ 12389 len = sizeof(struct sctp_stream_reset_response); 12390 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 12391 resp->ph.param_length = htons(len); 12392 resp->response_seq = htonl(resp_seq); 12393 resp->result = ntohl(result); 12394 12395 /* now fix the chunk length */ 12396 ch->chunk_length = htons(len + old_len); 12397 chk->book_size = len + old_len; 12398 chk->book_size_scale = 0; 12399 chk->send_size = SCTP_SIZE32(chk->book_size); 12400 SCTP_BUF_LEN(chk->data) = chk->send_size; 12401 return; 12402} 12403 12404void 12405sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk, 12406 uint32_t resp_seq, uint32_t result, 12407 uint32_t send_una, uint32_t recv_next) 12408{ 12409 uint16_t len, old_len; 12410 struct sctp_stream_reset_response_tsn *resp; 12411 struct sctp_chunkhdr *ch; 12412 12413 ch = mtod(chk->data, struct sctp_chunkhdr *); 12414 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12415 12416 /* get to new offset for the param. */ 12417 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len); 12418 /* now how long will this param be? */ 12419 len = sizeof(struct sctp_stream_reset_response_tsn); 12420 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 12421 resp->ph.param_length = htons(len); 12422 resp->response_seq = htonl(resp_seq); 12423 resp->result = htonl(result); 12424 resp->senders_next_tsn = htonl(send_una); 12425 resp->receivers_next_tsn = htonl(recv_next); 12426 12427 /* now fix the chunk length */ 12428 ch->chunk_length = htons(len + old_len); 12429 chk->book_size = len + old_len; 12430 chk->send_size = SCTP_SIZE32(chk->book_size); 12431 chk->book_size_scale = 0; 12432 SCTP_BUF_LEN(chk->data) = chk->send_size; 12433 return; 12434} 12435 12436static void 12437sctp_add_an_out_stream(struct sctp_tmit_chunk *chk, 12438 uint32_t seq, 12439 uint16_t adding) 12440{ 12441 uint16_t len, old_len; 12442 struct sctp_chunkhdr *ch; 12443 struct sctp_stream_reset_add_strm *addstr; 12444 12445 ch = mtod(chk->data, struct sctp_chunkhdr *); 12446 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12447 12448 /* get to new offset for the param. */ 12449 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 12450 /* now how long will this param be? */ 12451 len = sizeof(struct sctp_stream_reset_add_strm); 12452 12453 /* Fill it out. */ 12454 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_OUT_STREAMS); 12455 addstr->ph.param_length = htons(len); 12456 addstr->request_seq = htonl(seq); 12457 addstr->number_of_streams = htons(adding); 12458 addstr->reserved = 0; 12459 12460 /* now fix the chunk length */ 12461 ch->chunk_length = htons(len + old_len); 12462 chk->send_size = len + old_len; 12463 chk->book_size = SCTP_SIZE32(chk->send_size); 12464 chk->book_size_scale = 0; 12465 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 12466 return; 12467} 12468 12469static void 12470sctp_add_an_in_stream(struct sctp_tmit_chunk *chk, 12471 uint32_t seq, 12472 uint16_t adding) 12473{ 12474 uint16_t len, old_len; 12475 struct sctp_chunkhdr *ch; 12476 struct sctp_stream_reset_add_strm *addstr; 12477 12478 ch = mtod(chk->data, struct sctp_chunkhdr *); 12479 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 12480 12481 /* get to new offset for the param. */ 12482 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 12483 /* now how long will this param be? */ 12484 len = sizeof(struct sctp_stream_reset_add_strm); 12485 /* Fill it out. */ 12486 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_IN_STREAMS); 12487 addstr->ph.param_length = htons(len); 12488 addstr->request_seq = htonl(seq); 12489 addstr->number_of_streams = htons(adding); 12490 addstr->reserved = 0; 12491 12492 /* now fix the chunk length */ 12493 ch->chunk_length = htons(len + old_len); 12494 chk->send_size = len + old_len; 12495 chk->book_size = SCTP_SIZE32(chk->send_size); 12496 chk->book_size_scale = 0; 12497 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 12498 return; 12499} 12500 12501int 12502sctp_send_str_reset_req(struct sctp_tcb *stcb, 12503 int number_entries, uint16_t *list, 12504 uint8_t send_out_req, 12505 uint8_t send_in_req, 12506 uint8_t send_tsn_req, 12507 uint8_t add_stream, 12508 uint16_t adding_o, 12509 uint16_t adding_i, uint8_t peer_asked) 12510{ 12511 12512 struct sctp_association *asoc; 12513 struct sctp_tmit_chunk *chk; 12514 struct sctp_chunkhdr *ch; 12515 uint32_t seq; 12516 12517 asoc = &stcb->asoc; 12518 if (asoc->stream_reset_outstanding) { 12519 /*- 12520 * Already one pending, must get ACK back to clear the flag. 12521 */ 12522 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY); 12523 return (EBUSY); 12524 } 12525 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0) && 12526 (add_stream == 0)) { 12527 /* nothing to do */ 12528 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12529 return (EINVAL); 12530 } 12531 if (send_tsn_req && (send_out_req || send_in_req)) { 12532 /* error, can't do that */ 12533 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12534 return (EINVAL); 12535 } 12536 sctp_alloc_a_chunk(stcb, chk); 12537 if (chk == NULL) { 12538 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12539 return (ENOMEM); 12540 } 12541 chk->copy_by_ref = 0; 12542 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 12543 chk->rec.chunk_id.can_take_data = 0; 12544 chk->asoc = &stcb->asoc; 12545 chk->book_size = sizeof(struct sctp_chunkhdr); 12546 chk->send_size = SCTP_SIZE32(chk->book_size); 12547 chk->book_size_scale = 0; 12548 12549 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 12550 if (chk->data == NULL) { 12551 sctp_free_a_chunk(stcb, chk, SCTP_SO_LOCKED); 12552 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12553 return (ENOMEM); 12554 } 12555 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 12556 12557 /* setup chunk parameters */ 12558 chk->sent = SCTP_DATAGRAM_UNSENT; 12559 chk->snd_count = 0; 12560 if (stcb->asoc.alternate) { 12561 chk->whoTo = stcb->asoc.alternate; 12562 } else { 12563 chk->whoTo = stcb->asoc.primary_destination; 12564 } 12565 atomic_add_int(&chk->whoTo->ref_count, 1); 12566 ch = mtod(chk->data, struct sctp_chunkhdr *); 12567 ch->chunk_type = SCTP_STREAM_RESET; 12568 ch->chunk_flags = 0; 12569 ch->chunk_length = htons(chk->book_size); 12570 SCTP_BUF_LEN(chk->data) = chk->send_size; 12571 12572 seq = stcb->asoc.str_reset_seq_out; 12573 if (send_out_req) { 12574 sctp_add_stream_reset_out(chk, number_entries, list, 12575 seq, (stcb->asoc.str_reset_seq_in - 1), (stcb->asoc.sending_seq - 1)); 12576 asoc->stream_reset_out_is_outstanding = 1; 12577 seq++; 12578 asoc->stream_reset_outstanding++; 12579 } 12580 if ((add_stream & 1) && 12581 ((stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt) < adding_o)) { 12582 /* Need to allocate more */ 12583 struct sctp_stream_out *oldstream; 12584 struct sctp_stream_queue_pending *sp, *nsp; 12585 int i; 12586#if defined(SCTP_DETAILED_STR_STATS) 12587 int j; 12588#endif 12589 12590 oldstream = stcb->asoc.strmout; 12591 /* get some more */ 12592 SCTP_MALLOC(stcb->asoc.strmout, struct sctp_stream_out *, 12593 ((stcb->asoc.streamoutcnt+adding_o) * sizeof(struct sctp_stream_out)), 12594 SCTP_M_STRMO); 12595 if (stcb->asoc.strmout == NULL) { 12596 uint8_t x; 12597 stcb->asoc.strmout = oldstream; 12598 /* Turn off the bit */ 12599 x = add_stream & 0xfe; 12600 add_stream = x; 12601 goto skip_stuff; 12602 } 12603 /* Ok now we proceed with copying the old out stuff and 12604 * initializing the new stuff. 12605 */ 12606 SCTP_TCB_SEND_LOCK(stcb); 12607 stcb->asoc.ss_functions.sctp_ss_clear(stcb, &stcb->asoc, 0, 1); 12608 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 12609 TAILQ_INIT(&stcb->asoc.strmout[i].outqueue); 12610 stcb->asoc.strmout[i].chunks_on_queues = oldstream[i].chunks_on_queues; 12611 stcb->asoc.strmout[i].next_sequence_send = oldstream[i].next_sequence_send; 12612 stcb->asoc.strmout[i].last_msg_incomplete = oldstream[i].last_msg_incomplete; 12613 stcb->asoc.strmout[i].stream_no = i; 12614 stcb->asoc.ss_functions.sctp_ss_init_stream(&stcb->asoc.strmout[i], &oldstream[i]); 12615 /* now anything on those queues? */ 12616 TAILQ_FOREACH_SAFE(sp, &oldstream[i].outqueue, next, nsp) { 12617 TAILQ_REMOVE(&oldstream[i].outqueue, sp, next); 12618 TAILQ_INSERT_TAIL(&stcb->asoc.strmout[i].outqueue, sp, next); 12619 } 12620 /* Now move assoc pointers too */ 12621 if (stcb->asoc.last_out_stream == &oldstream[i]) { 12622 stcb->asoc.last_out_stream = &stcb->asoc.strmout[i]; 12623 } 12624 if (stcb->asoc.locked_on_sending == &oldstream[i]) { 12625 stcb->asoc.locked_on_sending = &stcb->asoc.strmout[i]; 12626 } 12627 } 12628 /* now the new streams */ 12629 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc, 1); 12630 for (i = stcb->asoc.streamoutcnt; i < (stcb->asoc.streamoutcnt + adding_o); i++) { 12631 TAILQ_INIT(&stcb->asoc.strmout[i].outqueue); 12632 stcb->asoc.strmout[i].chunks_on_queues = 0; 12633#if defined(SCTP_DETAILED_STR_STATS) 12634 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 12635 stcb->asoc.strmout[i].abandoned_sent[j] = 0; 12636 stcb->asoc.strmout[i].abandoned_unsent[j] = 0; 12637 } 12638#else 12639 stcb->asoc.strmout[i].abandoned_sent[0] = 0; 12640 stcb->asoc.strmout[i].abandoned_unsent[0] = 0; 12641#endif 12642 stcb->asoc.strmout[i].next_sequence_send = 0x0; 12643 stcb->asoc.strmout[i].stream_no = i; 12644 stcb->asoc.strmout[i].last_msg_incomplete = 0; 12645 stcb->asoc.ss_functions.sctp_ss_init_stream(&stcb->asoc.strmout[i], NULL); 12646 } 12647 stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt + adding_o; 12648 SCTP_FREE(oldstream, SCTP_M_STRMO); 12649 SCTP_TCB_SEND_UNLOCK(stcb); 12650 } 12651skip_stuff: 12652 if ((add_stream & 1) && (adding_o > 0)) { 12653 asoc->strm_pending_add_size = adding_o; 12654 asoc->peer_req_out = peer_asked; 12655 sctp_add_an_out_stream(chk, seq, adding_o); 12656 seq++; 12657 asoc->stream_reset_outstanding++; 12658 } 12659 if ((add_stream & 2) && (adding_i > 0)) { 12660 sctp_add_an_in_stream(chk, seq, adding_i); 12661 seq++; 12662 asoc->stream_reset_outstanding++; 12663 } 12664 if (send_in_req) { 12665 sctp_add_stream_reset_in(chk, number_entries, list, seq); 12666 seq++; 12667 asoc->stream_reset_outstanding++; 12668 } 12669 if (send_tsn_req) { 12670 sctp_add_stream_reset_tsn(chk, seq); 12671 asoc->stream_reset_outstanding++; 12672 } 12673 asoc->str_reset = chk; 12674 /* insert the chunk for sending */ 12675 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 12676 chk, 12677 sctp_next); 12678 asoc->ctrl_queue_cnt++; 12679 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 12680 return (0); 12681} 12682 12683void 12684sctp_send_abort(struct mbuf *m, int iphlen, struct sockaddr *src, struct sockaddr *dst, 12685 struct sctphdr *sh, uint32_t vtag, struct mbuf *cause, 12686#if defined(__FreeBSD__) 12687 uint8_t use_mflowid, uint32_t mflowid, 12688#endif 12689 uint32_t vrf_id, uint16_t port) 12690{ 12691 /* Don't respond to an ABORT with an ABORT. */ 12692 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 12693 if (cause) 12694 sctp_m_freem(cause); 12695 return; 12696 } 12697 sctp_send_resp_msg(src, dst, sh, vtag, SCTP_ABORT_ASSOCIATION, cause, 12698#if defined(__FreeBSD__) 12699 use_mflowid, mflowid, 12700#endif 12701 vrf_id, port); 12702 return; 12703} 12704 12705void 12706sctp_send_operr_to(struct sockaddr *src, struct sockaddr *dst, 12707 struct sctphdr *sh, uint32_t vtag, struct mbuf *cause, 12708#if defined(__FreeBSD__) 12709 uint8_t use_mflowid, uint32_t mflowid, 12710#endif 12711 uint32_t vrf_id, uint16_t port) 12712{ 12713 sctp_send_resp_msg(src, dst, sh, vtag, SCTP_OPERATION_ERROR, cause, 12714#if defined(__FreeBSD__) 12715 use_mflowid, mflowid, 12716#endif 12717 vrf_id, port); 12718 return; 12719} 12720 12721static struct mbuf * 12722sctp_copy_resume(struct uio *uio, 12723 int max_send_len, 12724#if defined(__FreeBSD__) && __FreeBSD_version > 602000 12725 int user_marks_eor, 12726#endif 12727 int *error, 12728 uint32_t *sndout, 12729 struct mbuf **new_tail) 12730{ 12731#if defined(__Panda__) 12732 struct mbuf *m; 12733 12734 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0, 12735 (user_marks_eor ? M_EOR : 0)); 12736 if (m == NULL) { 12737 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12738 *error = ENOBUFS; 12739 } else { 12740 *sndout = m_length(m, NULL); 12741 *new_tail = m_last(m); 12742 } 12743 return (m); 12744#elif defined(__FreeBSD__) && __FreeBSD_version > 602000 12745 struct mbuf *m; 12746 12747 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0, 12748 (M_PKTHDR | (user_marks_eor ? M_EOR : 0))); 12749 if (m == NULL) { 12750 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12751 *error = ENOBUFS; 12752 } else { 12753 *sndout = m_length(m, NULL); 12754 *new_tail = m_last(m); 12755 } 12756 return (m); 12757#else 12758 int left, cancpy, willcpy; 12759 struct mbuf *m, *head; 12760 12761#if defined(__APPLE__) 12762#if defined(APPLE_LEOPARD) 12763 left = min(uio->uio_resid, max_send_len); 12764#else 12765 left = min(uio_resid(uio), max_send_len); 12766#endif 12767#else 12768 left = min(uio->uio_resid, max_send_len); 12769#endif 12770 /* Always get a header just in case */ 12771 head = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 0, MT_DATA); 12772 if (head == NULL) { 12773 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12774 *error = ENOBUFS; 12775 return (NULL); 12776 } 12777 cancpy = M_TRAILINGSPACE(head); 12778 willcpy = min(cancpy, left); 12779 *error = uiomove(mtod(head, caddr_t), willcpy, uio); 12780 if (*error) { 12781 sctp_m_freem(head); 12782 return (NULL); 12783 } 12784 *sndout += willcpy; 12785 left -= willcpy; 12786 SCTP_BUF_LEN(head) = willcpy; 12787 m = head; 12788 *new_tail = head; 12789 while (left > 0) { 12790 /* move in user data */ 12791 SCTP_BUF_NEXT(m) = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 0, MT_DATA); 12792 if (SCTP_BUF_NEXT(m) == NULL) { 12793 sctp_m_freem(head); 12794 *new_tail = NULL; 12795 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12796 *error = ENOBUFS; 12797 return (NULL); 12798 } 12799 m = SCTP_BUF_NEXT(m); 12800 cancpy = M_TRAILINGSPACE(m); 12801 willcpy = min(cancpy, left); 12802 *error = uiomove(mtod(m, caddr_t), willcpy, uio); 12803 if (*error) { 12804 sctp_m_freem(head); 12805 *new_tail = NULL; 12806 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 12807 *error = EFAULT; 12808 return (NULL); 12809 } 12810 SCTP_BUF_LEN(m) = willcpy; 12811 left -= willcpy; 12812 *sndout += willcpy; 12813 *new_tail = m; 12814 if (left == 0) { 12815 SCTP_BUF_NEXT(m) = NULL; 12816 } 12817 } 12818 return (head); 12819#endif 12820} 12821 12822static int 12823sctp_copy_one(struct sctp_stream_queue_pending *sp, 12824 struct uio *uio, 12825 int resv_upfront) 12826{ 12827 int left; 12828#if defined(__Panda__) 12829 left = sp->length; 12830 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, 12831 resv_upfront, 0); 12832 if (sp->data == NULL) { 12833 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12834 return (ENOBUFS); 12835 } 12836 12837 sp->tail_mbuf = m_last(sp->data); 12838 return (0); 12839 12840#elif defined(__FreeBSD__) && __FreeBSD_version > 602000 12841 left = sp->length; 12842 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, 12843 resv_upfront, 0); 12844 if (sp->data == NULL) { 12845 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12846 return (ENOBUFS); 12847 } 12848 12849 sp->tail_mbuf = m_last(sp->data); 12850 return (0); 12851#else 12852 int cancpy, willcpy, error; 12853 struct mbuf *m, *head; 12854 int cpsz = 0; 12855 12856 /* First one gets a header */ 12857 left = sp->length; 12858 head = m = sctp_get_mbuf_for_msg((left + resv_upfront), 0, M_WAITOK, 0, MT_DATA); 12859 if (m == NULL) { 12860 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12861 return (ENOBUFS); 12862 } 12863 /*- 12864 * Add this one for m in now, that way if the alloc fails we won't 12865 * have a bad cnt. 12866 */ 12867 SCTP_BUF_RESV_UF(m, resv_upfront); 12868 cancpy = M_TRAILINGSPACE(m); 12869 willcpy = min(cancpy, left); 12870 while (left > 0) { 12871 /* move in user data */ 12872 error = uiomove(mtod(m, caddr_t), willcpy, uio); 12873 if (error) { 12874 sctp_m_freem(head); 12875 return (error); 12876 } 12877 SCTP_BUF_LEN(m) = willcpy; 12878 left -= willcpy; 12879 cpsz += willcpy; 12880 if (left > 0) { 12881 SCTP_BUF_NEXT(m) = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 0, MT_DATA); 12882 if (SCTP_BUF_NEXT(m) == NULL) { 12883 /* 12884 * the head goes back to caller, he can free 12885 * the rest 12886 */ 12887 sctp_m_freem(head); 12888 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12889 return (ENOBUFS); 12890 } 12891 m = SCTP_BUF_NEXT(m); 12892 cancpy = M_TRAILINGSPACE(m); 12893 willcpy = min(cancpy, left); 12894 } else { 12895 sp->tail_mbuf = m; 12896 SCTP_BUF_NEXT(m) = NULL; 12897 } 12898 } 12899 sp->data = head; 12900 sp->length = cpsz; 12901 return (0); 12902#endif 12903} 12904 12905 12906 12907static struct sctp_stream_queue_pending * 12908sctp_copy_it_in(struct sctp_tcb *stcb, 12909 struct sctp_association *asoc, 12910 struct sctp_sndrcvinfo *srcv, 12911 struct uio *uio, 12912 struct sctp_nets *net, 12913 int max_send_len, 12914 int user_marks_eor, 12915 int *error) 12916 12917{ 12918 /*- 12919 * This routine must be very careful in its work. Protocol 12920 * processing is up and running so care must be taken to spl...() 12921 * when you need to do something that may effect the stcb/asoc. The 12922 * sb is locked however. When data is copied the protocol processing 12923 * should be enabled since this is a slower operation... 12924 */ 12925 struct sctp_stream_queue_pending *sp = NULL; 12926 int resv_in_first; 12927 12928 *error = 0; 12929 /* Now can we send this? */ 12930 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 12931 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 12932 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 12933 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 12934 /* got data while shutting down */ 12935 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12936 *error = ECONNRESET; 12937 goto out_now; 12938 } 12939 sctp_alloc_a_strmoq(stcb, sp); 12940 if (sp == NULL) { 12941 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12942 *error = ENOMEM; 12943 goto out_now; 12944 } 12945 sp->act_flags = 0; 12946 sp->sender_all_done = 0; 12947 sp->sinfo_flags = srcv->sinfo_flags; 12948 sp->timetolive = srcv->sinfo_timetolive; 12949 sp->ppid = srcv->sinfo_ppid; 12950 sp->context = srcv->sinfo_context; 12951 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 12952 12953 sp->stream = srcv->sinfo_stream; 12954#if defined(__APPLE__) 12955#if defined(APPLE_LEOPARD) 12956 sp->length = min(uio->uio_resid, max_send_len); 12957#else 12958 sp->length = min(uio_resid(uio), max_send_len); 12959#endif 12960#else 12961 sp->length = min(uio->uio_resid, max_send_len); 12962#endif 12963#if defined(__APPLE__) 12964#if defined(APPLE_LEOPARD) 12965 if ((sp->length == (uint32_t)uio->uio_resid) && 12966#else 12967 if ((sp->length == (uint32_t)uio_resid(uio)) && 12968#endif 12969#else 12970 if ((sp->length == (uint32_t)uio->uio_resid) && 12971#endif 12972 ((user_marks_eor == 0) || 12973 (srcv->sinfo_flags & SCTP_EOF) || 12974 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12975 sp->msg_is_complete = 1; 12976 } else { 12977 sp->msg_is_complete = 0; 12978 } 12979 sp->sender_all_done = 0; 12980 sp->some_taken = 0; 12981 sp->put_last_out = 0; 12982 resv_in_first = sizeof(struct sctp_data_chunk); 12983 sp->data = sp->tail_mbuf = NULL; 12984 if (sp->length == 0) { 12985 *error = 0; 12986 goto skip_copy; 12987 } 12988 if (srcv->sinfo_keynumber_valid) { 12989 sp->auth_keyid = srcv->sinfo_keynumber; 12990 } else { 12991 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 12992 } 12993 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 12994 sctp_auth_key_acquire(stcb, sp->auth_keyid); 12995 sp->holds_key_ref = 1; 12996 } 12997#if defined(__APPLE__) 12998 SCTP_SOCKET_UNLOCK(SCTP_INP_SO(stcb->sctp_ep), 0); 12999#endif 13000 *error = sctp_copy_one(sp, uio, resv_in_first); 13001#if defined(__APPLE__) 13002 SCTP_SOCKET_LOCK(SCTP_INP_SO(stcb->sctp_ep), 0); 13003#endif 13004 skip_copy: 13005 if (*error) { 13006 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED); 13007 sp = NULL; 13008 } else { 13009 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 13010 sp->net = net; 13011 atomic_add_int(&sp->net->ref_count, 1); 13012 } else { 13013 sp->net = NULL; 13014 } 13015 sctp_set_prsctp_policy(sp); 13016 } 13017out_now: 13018 return (sp); 13019} 13020 13021 13022int 13023sctp_sosend(struct socket *so, 13024 struct sockaddr *addr, 13025 struct uio *uio, 13026#ifdef __Panda__ 13027 pakhandle_type top, 13028 pakhandle_type icontrol, 13029#else 13030 struct mbuf *top, 13031 struct mbuf *control, 13032#endif 13033#if defined(__APPLE__) || defined(__Panda__) 13034 int flags 13035#else 13036 int flags, 13037#if defined(__FreeBSD__) && __FreeBSD_version >= 500000 13038 struct thread *p 13039#elif defined(__Windows__) 13040 PKTHREAD p 13041#else 13042#if defined(__Userspace__) 13043 /* 13044 * proc is a dummy in __Userspace__ and will not be passed 13045 * to sctp_lower_sosend 13046 */ 13047#endif 13048 struct proc *p 13049#endif 13050#endif 13051) 13052{ 13053#ifdef __Panda__ 13054 struct mbuf *control = NULL; 13055#endif 13056#if defined(__APPLE__) 13057 struct proc *p = current_proc(); 13058#endif 13059 int error, use_sndinfo = 0; 13060 struct sctp_sndrcvinfo sndrcvninfo; 13061 struct sockaddr *addr_to_use; 13062#if defined(INET) && defined(INET6) 13063 struct sockaddr_in sin; 13064#endif 13065 13066#if defined(__APPLE__) 13067 SCTP_SOCKET_LOCK(so, 1); 13068#endif 13069#ifdef __Panda__ 13070 control = SCTP_HEADER_TO_CHAIN(icontrol); 13071#endif 13072 if (control) { 13073 /* process cmsg snd/rcv info (maybe a assoc-id) */ 13074 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&sndrcvninfo, control, 13075 sizeof(sndrcvninfo))) { 13076 /* got one */ 13077 use_sndinfo = 1; 13078 } 13079 } 13080 addr_to_use = addr; 13081#if defined(INET) && defined(INET6) 13082 if ((addr) && (addr->sa_family == AF_INET6)) { 13083 struct sockaddr_in6 *sin6; 13084 13085 sin6 = (struct sockaddr_in6 *)addr; 13086 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 13087 in6_sin6_2_sin(&sin, sin6); 13088 addr_to_use = (struct sockaddr *)&sin; 13089 } 13090 } 13091#endif 13092 error = sctp_lower_sosend(so, addr_to_use, uio, top, 13093#ifdef __Panda__ 13094 icontrol, 13095#else 13096 control, 13097#endif 13098 flags, 13099 use_sndinfo ? &sndrcvninfo: NULL 13100#if !(defined(__Panda__) || defined(__Userspace__)) 13101 , p 13102#endif 13103 ); 13104#if defined(__APPLE__) 13105 SCTP_SOCKET_UNLOCK(so, 1); 13106#endif 13107 return (error); 13108} 13109 13110 13111int 13112sctp_lower_sosend(struct socket *so, 13113 struct sockaddr *addr, 13114 struct uio *uio, 13115#ifdef __Panda__ 13116 pakhandle_type i_pak, 13117 pakhandle_type i_control, 13118#else 13119 struct mbuf *i_pak, 13120 struct mbuf *control, 13121#endif 13122 int flags, 13123 struct sctp_sndrcvinfo *srcv 13124#if !(defined( __Panda__) || defined(__Userspace__)) 13125 , 13126#if defined(__FreeBSD__) && __FreeBSD_version >= 500000 13127 struct thread *p 13128#elif defined(__Windows__) 13129 PKTHREAD p 13130#else 13131 struct proc *p 13132#endif 13133#endif 13134 ) 13135{ 13136 unsigned int sndlen = 0, max_len; 13137 int error, len; 13138 struct mbuf *top = NULL; 13139#ifdef __Panda__ 13140 struct mbuf *control = NULL; 13141#endif 13142 int queue_only = 0, queue_only_for_init = 0; 13143 int free_cnt_applied = 0; 13144 int un_sent; 13145 int now_filled = 0; 13146 unsigned int inqueue_bytes = 0; 13147 struct sctp_block_entry be; 13148 struct sctp_inpcb *inp; 13149 struct sctp_tcb *stcb = NULL; 13150 struct timeval now; 13151 struct sctp_nets *net; 13152 struct sctp_association *asoc; 13153 struct sctp_inpcb *t_inp; 13154 int user_marks_eor; 13155 int create_lock_applied = 0; 13156 int nagle_applies = 0; 13157 int some_on_control = 0; 13158 int got_all_of_the_send = 0; 13159 int hold_tcblock = 0; 13160 int non_blocking = 0; 13161 uint32_t local_add_more, local_soresv = 0; 13162 uint16_t port; 13163 uint16_t sinfo_flags; 13164 sctp_assoc_t sinfo_assoc_id; 13165 13166 error = 0; 13167 net = NULL; 13168 stcb = NULL; 13169 asoc = NULL; 13170 13171#if defined(__APPLE__) 13172 sctp_lock_assert(so); 13173#endif 13174 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 13175 if (inp == NULL) { 13176 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13177 error = EINVAL; 13178 if (i_pak) { 13179 SCTP_RELEASE_PKT(i_pak); 13180 } 13181 return (error); 13182 } 13183 if ((uio == NULL) && (i_pak == NULL)) { 13184 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13185 return (EINVAL); 13186 } 13187 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 13188 atomic_add_int(&inp->total_sends, 1); 13189 if (uio) { 13190#if defined(__APPLE__) 13191#if defined(APPLE_LEOPARD) 13192 if (uio->uio_resid < 0) { 13193#else 13194 if (uio_resid(uio) < 0) { 13195#endif 13196#else 13197 if (uio->uio_resid < 0) { 13198#endif 13199 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13200 return (EINVAL); 13201 } 13202#if defined(__APPLE__) 13203#if defined(APPLE_LEOPARD) 13204 sndlen = uio->uio_resid; 13205#else 13206 sndlen = uio_resid(uio); 13207#endif 13208#else 13209 sndlen = uio->uio_resid; 13210#endif 13211 } else { 13212 top = SCTP_HEADER_TO_CHAIN(i_pak); 13213#ifdef __Panda__ 13214 /*- 13215 * app len indicates the datalen, dgsize for cases 13216 * of SCTP_EOF/ABORT will not have the right len 13217 */ 13218 sndlen = SCTP_APP_DATA_LEN(i_pak); 13219 /*- 13220 * Set the particle len also to zero to match 13221 * up with app len. We only have one particle 13222 * if app len is zero for Panda. This is ensured 13223 * in the socket lib 13224 */ 13225 if (sndlen == 0) { 13226 SCTP_BUF_LEN(top) = 0; 13227 } 13228 /*- 13229 * We delink the chain from header, but keep 13230 * the header around as we will need it in 13231 * EAGAIN case 13232 */ 13233 SCTP_DETACH_HEADER_FROM_CHAIN(i_pak); 13234#else 13235 sndlen = SCTP_HEADER_LEN(i_pak); 13236#endif 13237 } 13238 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n", 13239 (void *)addr, 13240 sndlen); 13241#ifdef __Panda__ 13242 if (i_control) { 13243 control = SCTP_HEADER_TO_CHAIN(i_control); 13244 } 13245#endif 13246 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 13247 (inp->sctp_socket->so_qlimit)) { 13248 /* The listener can NOT send */ 13249 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 13250 error = ENOTCONN; 13251 goto out_unlocked; 13252 } 13253 /** 13254 * Pre-screen address, if one is given the sin-len 13255 * must be set correctly! 13256 */ 13257 if (addr) { 13258 union sctp_sockstore *raddr = (union sctp_sockstore *)addr; 13259 switch (raddr->sa.sa_family) { 13260#ifdef INET 13261 case AF_INET: 13262#ifdef HAVE_SIN_LEN 13263 if (raddr->sin.sin_len != sizeof(struct sockaddr_in)) { 13264 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13265 error = EINVAL; 13266 goto out_unlocked; 13267 } 13268#endif 13269 port = raddr->sin.sin_port; 13270 break; 13271#endif 13272#ifdef INET6 13273 case AF_INET6: 13274#ifdef HAVE_SIN6_LEN 13275 if (raddr->sin6.sin6_len != sizeof(struct sockaddr_in6)) { 13276 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13277 error = EINVAL; 13278 goto out_unlocked; 13279 } 13280#endif 13281 port = raddr->sin6.sin6_port; 13282 break; 13283#endif 13284#if defined(__Userspace__) 13285 case AF_CONN: 13286#ifdef HAVE_SCONN_LEN 13287 if (raddr->sconn.sconn_len != sizeof(struct sockaddr_conn)) { 13288 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13289 error = EINVAL; 13290 goto out_unlocked; 13291 } 13292#endif 13293 port = raddr->sconn.sconn_port; 13294 break; 13295#endif 13296 default: 13297 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAFNOSUPPORT); 13298 error = EAFNOSUPPORT; 13299 goto out_unlocked; 13300 } 13301 } else 13302 port = 0; 13303 13304 if (srcv) { 13305 sinfo_flags = srcv->sinfo_flags; 13306 sinfo_assoc_id = srcv->sinfo_assoc_id; 13307 if (INVALID_SINFO_FLAG(sinfo_flags) || 13308 PR_SCTP_INVALID_POLICY(sinfo_flags)) { 13309 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13310 error = EINVAL; 13311 goto out_unlocked; 13312 } 13313 if (srcv->sinfo_flags) 13314 SCTP_STAT_INCR(sctps_sends_with_flags); 13315 } else { 13316 sinfo_flags = inp->def_send.sinfo_flags; 13317 sinfo_assoc_id = inp->def_send.sinfo_assoc_id; 13318 } 13319 if (sinfo_flags & SCTP_SENDALL) { 13320 /* its a sendall */ 13321 error = sctp_sendall(inp, uio, top, srcv); 13322 top = NULL; 13323 goto out_unlocked; 13324 } 13325 if ((sinfo_flags & SCTP_ADDR_OVER) && (addr == NULL)) { 13326 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13327 error = EINVAL; 13328 goto out_unlocked; 13329 } 13330 /* now we must find the assoc */ 13331 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) || 13332 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 13333 SCTP_INP_RLOCK(inp); 13334 stcb = LIST_FIRST(&inp->sctp_asoc_list); 13335 if (stcb) { 13336 SCTP_TCB_LOCK(stcb); 13337 hold_tcblock = 1; 13338 } 13339 SCTP_INP_RUNLOCK(inp); 13340 } else if (sinfo_assoc_id) { 13341 stcb = sctp_findassociation_ep_asocid(inp, sinfo_assoc_id, 0); 13342 } else if (addr) { 13343 /*- 13344 * Since we did not use findep we must 13345 * increment it, and if we don't find a tcb 13346 * decrement it. 13347 */ 13348 SCTP_INP_WLOCK(inp); 13349 SCTP_INP_INCR_REF(inp); 13350 SCTP_INP_WUNLOCK(inp); 13351 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 13352 if (stcb == NULL) { 13353 SCTP_INP_WLOCK(inp); 13354 SCTP_INP_DECR_REF(inp); 13355 SCTP_INP_WUNLOCK(inp); 13356 } else { 13357 hold_tcblock = 1; 13358 } 13359 } 13360 if ((stcb == NULL) && (addr)) { 13361 /* Possible implicit send? */ 13362 SCTP_ASOC_CREATE_LOCK(inp); 13363 create_lock_applied = 1; 13364 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 13365 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 13366 /* Should I really unlock ? */ 13367 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13368 error = EINVAL; 13369 goto out_unlocked; 13370 13371 } 13372 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 13373 (addr->sa_family == AF_INET6)) { 13374 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13375 error = EINVAL; 13376 goto out_unlocked; 13377 } 13378 SCTP_INP_WLOCK(inp); 13379 SCTP_INP_INCR_REF(inp); 13380 SCTP_INP_WUNLOCK(inp); 13381 /* With the lock applied look again */ 13382 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 13383 if ((stcb == NULL) && (control != NULL) && (port > 0)) { 13384 stcb = sctp_findassociation_cmsgs(&t_inp, port, control, &net, &error); 13385 } 13386 if (stcb == NULL) { 13387 SCTP_INP_WLOCK(inp); 13388 SCTP_INP_DECR_REF(inp); 13389 SCTP_INP_WUNLOCK(inp); 13390 } else { 13391 hold_tcblock = 1; 13392 } 13393 if (error) { 13394 goto out_unlocked; 13395 } 13396 if (t_inp != inp) { 13397 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 13398 error = ENOTCONN; 13399 goto out_unlocked; 13400 } 13401 } 13402 if (stcb == NULL) { 13403 if (addr == NULL) { 13404 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 13405 error = ENOENT; 13406 goto out_unlocked; 13407 } else { 13408 /* We must go ahead and start the INIT process */ 13409 uint32_t vrf_id; 13410 13411 if ((sinfo_flags & SCTP_ABORT) || 13412 ((sinfo_flags & SCTP_EOF) && (sndlen == 0))) { 13413 /*- 13414 * User asks to abort a non-existant assoc, 13415 * or EOF a non-existant assoc with no data 13416 */ 13417 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 13418 error = ENOENT; 13419 goto out_unlocked; 13420 } 13421 /* get an asoc/stcb struct */ 13422 vrf_id = inp->def_vrf_id; 13423#ifdef INVARIANTS 13424 if (create_lock_applied == 0) { 13425 panic("Error, should hold create lock and I don't?"); 13426 } 13427#endif 13428 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id, 13429#if !(defined( __Panda__) || defined(__Userspace__)) 13430 p 13431#else 13432 (struct proc *)NULL 13433#endif 13434 ); 13435 if (stcb == NULL) { 13436 /* Error is setup for us in the call */ 13437 goto out_unlocked; 13438 } 13439 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { 13440 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED; 13441 /* Set the connected flag so we can queue data */ 13442 soisconnecting(so); 13443 } 13444 hold_tcblock = 1; 13445 if (create_lock_applied) { 13446 SCTP_ASOC_CREATE_UNLOCK(inp); 13447 create_lock_applied = 0; 13448 } else { 13449 SCTP_PRINTF("Huh-3? create lock should have been on??\n"); 13450 } 13451 /* Turn on queue only flag to prevent data from being sent */ 13452 queue_only = 1; 13453 asoc = &stcb->asoc; 13454 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 13455 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 13456 13457 /* initialize authentication params for the assoc */ 13458 sctp_initialize_auth_params(inp, stcb); 13459 13460 if (control) { 13461 if (sctp_process_cmsgs_for_init(stcb, control, &error)) { 13462 sctp_free_assoc(inp, stcb, SCTP_PCBFREE_FORCE, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_7); 13463 hold_tcblock = 0; 13464 stcb = NULL; 13465 goto out_unlocked; 13466 } 13467 } 13468 /* out with the INIT */ 13469 queue_only_for_init = 1; 13470 /*- 13471 * we may want to dig in after this call and adjust the MTU 13472 * value. It defaulted to 1500 (constant) but the ro 13473 * structure may now have an update and thus we may need to 13474 * change it BEFORE we append the message. 13475 */ 13476 } 13477 } else 13478 asoc = &stcb->asoc; 13479 if (srcv == NULL) 13480 srcv = (struct sctp_sndrcvinfo *)&asoc->def_send; 13481 if (srcv->sinfo_flags & SCTP_ADDR_OVER) { 13482 if (addr) 13483 net = sctp_findnet(stcb, addr); 13484 else 13485 net = NULL; 13486 if ((net == NULL) || 13487 ((port != 0) && (port != stcb->rport))) { 13488 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13489 error = EINVAL; 13490 goto out_unlocked; 13491 } 13492 } else { 13493 if (stcb->asoc.alternate) { 13494 net = stcb->asoc.alternate; 13495 } else { 13496 net = stcb->asoc.primary_destination; 13497 } 13498 } 13499 atomic_add_int(&stcb->total_sends, 1); 13500 /* Keep the stcb from being freed under our feet */ 13501 atomic_add_int(&asoc->refcnt, 1); 13502 free_cnt_applied = 1; 13503 13504 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { 13505 if (sndlen > asoc->smallest_mtu) { 13506 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 13507 error = EMSGSIZE; 13508 goto out_unlocked; 13509 } 13510 } 13511#if defined(__Userspace__) 13512 if (inp->recv_callback) { 13513 non_blocking = 1; 13514 } 13515#else 13516 if (SCTP_SO_IS_NBIO(so) 13517#if defined(__FreeBSD__) && __FreeBSD_version >= 500000 13518 || (flags & MSG_NBIO) 13519#endif 13520 ) { 13521 non_blocking = 1; 13522 } 13523#endif 13524 /* would we block? */ 13525 if (non_blocking) { 13526 if (hold_tcblock == 0) { 13527 SCTP_TCB_LOCK(stcb); 13528 hold_tcblock = 1; 13529 } 13530 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13531 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) || 13532 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 13533 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); 13534 if (sndlen > SCTP_SB_LIMIT_SND(so)) 13535 error = EMSGSIZE; 13536 else 13537 error = EWOULDBLOCK; 13538 goto out_unlocked; 13539 } 13540 stcb->asoc.sb_send_resv += sndlen; 13541 SCTP_TCB_UNLOCK(stcb); 13542 hold_tcblock = 0; 13543 } else { 13544 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen); 13545 } 13546 local_soresv = sndlen; 13547 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13548 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 13549 error = ECONNRESET; 13550 goto out_unlocked; 13551 } 13552 if (create_lock_applied) { 13553 SCTP_ASOC_CREATE_UNLOCK(inp); 13554 create_lock_applied = 0; 13555 } 13556 if (asoc->stream_reset_outstanding) { 13557 /* 13558 * Can't queue any data while stream reset is underway. 13559 */ 13560 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN); 13561 error = EAGAIN; 13562 goto out_unlocked; 13563 } 13564 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 13565 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 13566 queue_only = 1; 13567 } 13568 /* we are now done with all control */ 13569 if (control) { 13570 sctp_m_freem(control); 13571 control = NULL; 13572 } 13573 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 13574 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 13575 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 13576 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 13577 if (srcv->sinfo_flags & SCTP_ABORT) { 13578 ; 13579 } else { 13580 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 13581 error = ECONNRESET; 13582 goto out_unlocked; 13583 } 13584 } 13585 /* Ok, we will attempt a msgsnd :> */ 13586#if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__)) 13587 if (p) { 13588#if defined(__FreeBSD__) && __FreeBSD_version >= 603000 13589 p->td_ru.ru_msgsnd++; 13590#elif defined(__FreeBSD__) && __FreeBSD_version >= 500000 13591 p->td_proc->p_stats->p_ru.ru_msgsnd++; 13592#else 13593 p->p_stats->p_ru.ru_msgsnd++; 13594#endif 13595 } 13596#endif 13597 /* Are we aborting? */ 13598 if (srcv->sinfo_flags & SCTP_ABORT) { 13599 struct mbuf *mm; 13600 int tot_demand, tot_out = 0, max_out; 13601 13602 SCTP_STAT_INCR(sctps_sends_with_abort); 13603 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 13604 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 13605 /* It has to be up before we abort */ 13606 /* how big is the user initiated abort? */ 13607 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13608 error = EINVAL; 13609 goto out; 13610 } 13611 if (hold_tcblock) { 13612 SCTP_TCB_UNLOCK(stcb); 13613 hold_tcblock = 0; 13614 } 13615 if (top) { 13616 struct mbuf *cntm = NULL; 13617 13618 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_WAITOK, 1, MT_DATA); 13619 if (sndlen != 0) { 13620 for (cntm = top; cntm; cntm = SCTP_BUF_NEXT(cntm)) { 13621 tot_out += SCTP_BUF_LEN(cntm); 13622 } 13623 } 13624 } else { 13625 /* Must fit in a MTU */ 13626 tot_out = sndlen; 13627 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 13628 if (tot_demand > SCTP_DEFAULT_ADD_MORE) { 13629 /* To big */ 13630 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 13631 error = EMSGSIZE; 13632 goto out; 13633 } 13634 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAITOK, 1, MT_DATA); 13635 } 13636 if (mm == NULL) { 13637 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 13638 error = ENOMEM; 13639 goto out; 13640 } 13641 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); 13642 max_out -= sizeof(struct sctp_abort_msg); 13643 if (tot_out > max_out) { 13644 tot_out = max_out; 13645 } 13646 if (mm) { 13647 struct sctp_paramhdr *ph; 13648 13649 /* now move forward the data pointer */ 13650 ph = mtod(mm, struct sctp_paramhdr *); 13651 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 13652 ph->param_length = htons(sizeof(struct sctp_paramhdr) + tot_out); 13653 ph++; 13654 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr); 13655 if (top == NULL) { 13656#if defined(__APPLE__) 13657 SCTP_SOCKET_UNLOCK(so, 0); 13658#endif 13659 error = uiomove((caddr_t)ph, (int)tot_out, uio); 13660#if defined(__APPLE__) 13661 SCTP_SOCKET_LOCK(so, 0); 13662#endif 13663 if (error) { 13664 /*- 13665 * Here if we can't get his data we 13666 * still abort we just don't get to 13667 * send the users note :-0 13668 */ 13669 sctp_m_freem(mm); 13670 mm = NULL; 13671 } 13672 } else { 13673 if (sndlen != 0) { 13674 SCTP_BUF_NEXT(mm) = top; 13675 } 13676 } 13677 } 13678 if (hold_tcblock == 0) { 13679 SCTP_TCB_LOCK(stcb); 13680 } 13681 atomic_add_int(&stcb->asoc.refcnt, -1); 13682 free_cnt_applied = 0; 13683 /* release this lock, otherwise we hang on ourselves */ 13684 sctp_abort_an_association(stcb->sctp_ep, stcb, mm, SCTP_SO_LOCKED); 13685 /* now relock the stcb so everything is sane */ 13686 hold_tcblock = 0; 13687 stcb = NULL; 13688 /* In this case top is already chained to mm 13689 * avoid double free, since we free it below if 13690 * top != NULL and driver would free it after sending 13691 * the packet out 13692 */ 13693 if (sndlen != 0) { 13694 top = NULL; 13695 } 13696 goto out_unlocked; 13697 } 13698 /* Calculate the maximum we can send */ 13699 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13700 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 13701 if (non_blocking) { 13702 /* we already checked for non-blocking above. */ 13703 max_len = sndlen; 13704 } else { 13705 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 13706 } 13707 } else { 13708 max_len = 0; 13709 } 13710 if (hold_tcblock) { 13711 SCTP_TCB_UNLOCK(stcb); 13712 hold_tcblock = 0; 13713 } 13714 /* Is the stream no. valid? */ 13715 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 13716 /* Invalid stream number */ 13717 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13718 error = EINVAL; 13719 goto out_unlocked; 13720 } 13721 if (asoc->strmout == NULL) { 13722 /* huh? software error */ 13723 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 13724 error = EFAULT; 13725 goto out_unlocked; 13726 } 13727 13728 /* Unless E_EOR mode is on, we must make a send FIT in one call. */ 13729 if ((user_marks_eor == 0) && 13730 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { 13731 /* It will NEVER fit */ 13732 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 13733 error = EMSGSIZE; 13734 goto out_unlocked; 13735 } 13736 if ((uio == NULL) && user_marks_eor) { 13737 /*- 13738 * We do not support eeor mode for 13739 * sending with mbuf chains (like sendfile). 13740 */ 13741 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13742 error = EINVAL; 13743 goto out_unlocked; 13744 } 13745 13746 if (user_marks_eor) { 13747 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); 13748 } else { 13749 /*- 13750 * For non-eeor the whole message must fit in 13751 * the socket send buffer. 13752 */ 13753 local_add_more = sndlen; 13754 } 13755 len = 0; 13756 if (non_blocking) { 13757 goto skip_preblock; 13758 } 13759 if (((max_len <= local_add_more) && 13760 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || 13761 (max_len == 0) || 13762 ((stcb->asoc.chunks_on_out_queue+stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 13763 /* No room right now ! */ 13764 SOCKBUF_LOCK(&so->so_snd); 13765 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13766 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || 13767 ((stcb->asoc.stream_queue_cnt+stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 13768 SCTPDBG(SCTP_DEBUG_OUTPUT1,"pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", 13769 (unsigned int)SCTP_SB_LIMIT_SND(so), 13770 inqueue_bytes, 13771 local_add_more, 13772 stcb->asoc.stream_queue_cnt, 13773 stcb->asoc.chunks_on_out_queue, 13774 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)); 13775 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13776 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, asoc, sndlen); 13777 } 13778 be.error = 0; 13779#if !defined(__Panda__) && !defined(__Windows__) 13780 stcb->block_entry = &be; 13781#endif 13782 error = sbwait(&so->so_snd); 13783 stcb->block_entry = NULL; 13784 if (error || so->so_error || be.error) { 13785 if (error == 0) { 13786 if (so->so_error) 13787 error = so->so_error; 13788 if (be.error) { 13789 error = be.error; 13790 } 13791 } 13792 SOCKBUF_UNLOCK(&so->so_snd); 13793 goto out_unlocked; 13794 } 13795 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13796 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 13797 asoc, stcb->asoc.total_output_queue_size); 13798 } 13799 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13800 goto out_unlocked; 13801 } 13802 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13803 } 13804 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 13805 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 13806 } else { 13807 max_len = 0; 13808 } 13809 SOCKBUF_UNLOCK(&so->so_snd); 13810 } 13811 13812skip_preblock: 13813 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13814 goto out_unlocked; 13815 } 13816#if defined(__APPLE__) 13817 error = sblock(&so->so_snd, SBLOCKWAIT(flags)); 13818#endif 13819 /* sndlen covers for mbuf case 13820 * uio_resid covers for the non-mbuf case 13821 * NOTE: uio will be null when top/mbuf is passed 13822 */ 13823 if (sndlen == 0) { 13824 if (srcv->sinfo_flags & SCTP_EOF) { 13825 got_all_of_the_send = 1; 13826 goto dataless_eof; 13827 } else { 13828 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13829 error = EINVAL; 13830 goto out; 13831 } 13832 } 13833 if (top == NULL) { 13834 struct sctp_stream_queue_pending *sp; 13835 struct sctp_stream_out *strm; 13836 uint32_t sndout; 13837 13838 SCTP_TCB_SEND_LOCK(stcb); 13839 if ((asoc->stream_locked) && 13840 (asoc->stream_locked_on != srcv->sinfo_stream)) { 13841 SCTP_TCB_SEND_UNLOCK(stcb); 13842 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13843 error = EINVAL; 13844 goto out; 13845 } 13846 SCTP_TCB_SEND_UNLOCK(stcb); 13847 13848 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 13849 if (strm->last_msg_incomplete == 0) { 13850 do_a_copy_in: 13851 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error); 13852 if ((sp == NULL) || (error)) { 13853 goto out; 13854 } 13855 SCTP_TCB_SEND_LOCK(stcb); 13856 if (sp->msg_is_complete) { 13857 strm->last_msg_incomplete = 0; 13858 asoc->stream_locked = 0; 13859 } else { 13860 /* Just got locked to this guy in 13861 * case of an interrupt. 13862 */ 13863 strm->last_msg_incomplete = 1; 13864 asoc->stream_locked = 1; 13865 asoc->stream_locked_on = srcv->sinfo_stream; 13866 sp->sender_all_done = 0; 13867 } 13868 sctp_snd_sb_alloc(stcb, sp->length); 13869 atomic_add_int(&asoc->stream_queue_cnt, 1); 13870 if (srcv->sinfo_flags & SCTP_UNORDERED) { 13871 SCTP_STAT_INCR(sctps_sends_with_unord); 13872 } 13873 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 13874 stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, asoc, strm, sp, 1); 13875 SCTP_TCB_SEND_UNLOCK(stcb); 13876 } else { 13877 SCTP_TCB_SEND_LOCK(stcb); 13878 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead); 13879 SCTP_TCB_SEND_UNLOCK(stcb); 13880 if (sp == NULL) { 13881 /* ???? Huh ??? last msg is gone */ 13882#ifdef INVARIANTS 13883 panic("Warning: Last msg marked incomplete, yet nothing left?"); 13884#else 13885 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n"); 13886 strm->last_msg_incomplete = 0; 13887#endif 13888 goto do_a_copy_in; 13889 13890 } 13891 } 13892#if defined(__APPLE__) 13893#if defined(APPLE_LEOPARD) 13894 while (uio->uio_resid > 0) { 13895#else 13896 while (uio_resid(uio) > 0) { 13897#endif 13898#else 13899 while (uio->uio_resid > 0) { 13900#endif 13901 /* How much room do we have? */ 13902 struct mbuf *new_tail, *mm; 13903 13904 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 13905 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 13906 else 13907 max_len = 0; 13908 13909 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || 13910 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) || 13911#if defined(__APPLE__) 13912#if defined(APPLE_LEOPARD) 13913 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) { 13914#else 13915 (uio_resid(uio) && (uio_resid(uio) <= (int)max_len))) { 13916#endif 13917#else 13918 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) { 13919#endif 13920 sndout = 0; 13921 new_tail = NULL; 13922 if (hold_tcblock) { 13923 SCTP_TCB_UNLOCK(stcb); 13924 hold_tcblock = 0; 13925 } 13926#if defined(__APPLE__) 13927 SCTP_SOCKET_UNLOCK(so, 0); 13928#endif 13929#if defined(__FreeBSD__) && __FreeBSD_version > 602000 13930 mm = sctp_copy_resume(uio, max_len, user_marks_eor, &error, &sndout, &new_tail); 13931#else 13932 mm = sctp_copy_resume(uio, max_len, &error, &sndout, &new_tail); 13933#endif 13934#if defined(__APPLE__) 13935 SCTP_SOCKET_LOCK(so, 0); 13936#endif 13937 if ((mm == NULL) || error) { 13938 if (mm) { 13939 sctp_m_freem(mm); 13940 } 13941 goto out; 13942 } 13943 /* Update the mbuf and count */ 13944 SCTP_TCB_SEND_LOCK(stcb); 13945 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13946 /* we need to get out. 13947 * Peer probably aborted. 13948 */ 13949 sctp_m_freem(mm); 13950 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) { 13951 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 13952 error = ECONNRESET; 13953 } 13954 SCTP_TCB_SEND_UNLOCK(stcb); 13955 goto out; 13956 } 13957 if (sp->tail_mbuf) { 13958 /* tack it to the end */ 13959 SCTP_BUF_NEXT(sp->tail_mbuf) = mm; 13960 sp->tail_mbuf = new_tail; 13961 } else { 13962 /* A stolen mbuf */ 13963 sp->data = mm; 13964 sp->tail_mbuf = new_tail; 13965 } 13966 sctp_snd_sb_alloc(stcb, sndout); 13967 atomic_add_int(&sp->length,sndout); 13968 len += sndout; 13969 13970 /* Did we reach EOR? */ 13971#if defined(__APPLE__) 13972#if defined(APPLE_LEOPARD) 13973 if ((uio->uio_resid == 0) && 13974#else 13975 if ((uio_resid(uio) == 0) && 13976#endif 13977#else 13978 if ((uio->uio_resid == 0) && 13979#endif 13980 ((user_marks_eor == 0) || 13981 (srcv->sinfo_flags & SCTP_EOF) || 13982 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 13983 sp->msg_is_complete = 1; 13984 } else { 13985 sp->msg_is_complete = 0; 13986 } 13987 SCTP_TCB_SEND_UNLOCK(stcb); 13988 } 13989#if defined(__APPLE__) 13990#if defined(APPLE_LEOPARD) 13991 if (uio->uio_resid == 0) { 13992#else 13993 if (uio_resid(uio) == 0) { 13994#endif 13995#else 13996 if (uio->uio_resid == 0) { 13997#endif 13998 /* got it all? */ 13999 continue; 14000 } 14001 /* PR-SCTP? */ 14002 if ((asoc->prsctp_supported) && (asoc->sent_queue_cnt_removeable > 0)) { 14003 /* This is ugly but we must assure locking order */ 14004 if (hold_tcblock == 0) { 14005 SCTP_TCB_LOCK(stcb); 14006 hold_tcblock = 1; 14007 } 14008 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 14009 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 14010 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 14011 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 14012 else 14013 max_len = 0; 14014 if (max_len > 0) { 14015 continue; 14016 } 14017 SCTP_TCB_UNLOCK(stcb); 14018 hold_tcblock = 0; 14019 } 14020 /* wait for space now */ 14021 if (non_blocking) { 14022 /* Non-blocking io in place out */ 14023 goto skip_out_eof; 14024 } 14025 /* What about the INIT, send it maybe */ 14026 if (queue_only_for_init) { 14027 if (hold_tcblock == 0) { 14028 SCTP_TCB_LOCK(stcb); 14029 hold_tcblock = 1; 14030 } 14031 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 14032 /* a collision took us forward? */ 14033 queue_only = 0; 14034 } else { 14035 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 14036 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 14037 queue_only = 1; 14038 } 14039 } 14040 if ((net->flight_size > net->cwnd) && 14041 (asoc->sctp_cmt_on_off == 0)) { 14042 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 14043 queue_only = 1; 14044 } else if (asoc->ifp_had_enobuf) { 14045 SCTP_STAT_INCR(sctps_ifnomemqueued); 14046 if (net->flight_size > (2 * net->mtu)) { 14047 queue_only = 1; 14048 } 14049 asoc->ifp_had_enobuf = 0; 14050 } 14051 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 14052 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 14053 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 14054 (stcb->asoc.total_flight > 0) && 14055 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 14056 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 14057 14058 /*- 14059 * Ok, Nagle is set on and we have data outstanding. 14060 * Don't send anything and let SACKs drive out the 14061 * data unless wen have a "full" segment to send. 14062 */ 14063 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 14064 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 14065 } 14066 SCTP_STAT_INCR(sctps_naglequeued); 14067 nagle_applies = 1; 14068 } else { 14069 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 14070 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 14071 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 14072 } 14073 SCTP_STAT_INCR(sctps_naglesent); 14074 nagle_applies = 0; 14075 } 14076 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 14077 14078 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 14079 nagle_applies, un_sent); 14080 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 14081 stcb->asoc.total_flight, 14082 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 14083 } 14084 if (queue_only_for_init) 14085 queue_only_for_init = 0; 14086 if ((queue_only == 0) && (nagle_applies == 0)) { 14087 /*- 14088 * need to start chunk output 14089 * before blocking.. note that if 14090 * a lock is already applied, then 14091 * the input via the net is happening 14092 * and I don't need to start output :-D 14093 */ 14094 if (hold_tcblock == 0) { 14095 if (SCTP_TCB_TRYLOCK(stcb)) { 14096 hold_tcblock = 1; 14097 sctp_chunk_output(inp, 14098 stcb, 14099 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 14100 } 14101 } else { 14102 sctp_chunk_output(inp, 14103 stcb, 14104 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 14105 } 14106 if (hold_tcblock == 1) { 14107 SCTP_TCB_UNLOCK(stcb); 14108 hold_tcblock = 0; 14109 } 14110 } 14111 SOCKBUF_LOCK(&so->so_snd); 14112 /*- 14113 * This is a bit strange, but I think it will 14114 * work. The total_output_queue_size is locked and 14115 * protected by the TCB_LOCK, which we just released. 14116 * There is a race that can occur between releasing it 14117 * above, and me getting the socket lock, where sacks 14118 * come in but we have not put the SB_WAIT on the 14119 * so_snd buffer to get the wakeup. After the LOCK 14120 * is applied the sack_processing will also need to 14121 * LOCK the so->so_snd to do the actual sowwakeup(). So 14122 * once we have the socket buffer lock if we recheck the 14123 * size we KNOW we will get to sleep safely with the 14124 * wakeup flag in place. 14125 */ 14126 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size + 14127 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) { 14128 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 14129#if defined(__APPLE__) 14130#if defined(APPLE_LEOPARD) 14131 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 14132 asoc, uio->uio_resid); 14133#else 14134 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 14135 asoc, uio_resid(uio)); 14136#endif 14137#else 14138 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 14139 asoc, uio->uio_resid); 14140#endif 14141 } 14142 be.error = 0; 14143#if !defined(__Panda__) && !defined(__Windows__) 14144 stcb->block_entry = &be; 14145#endif 14146#if defined(__APPLE__) 14147 sbunlock(&so->so_snd, 1); 14148#endif 14149 error = sbwait(&so->so_snd); 14150 stcb->block_entry = NULL; 14151 14152 if (error || so->so_error || be.error) { 14153 if (error == 0) { 14154 if (so->so_error) 14155 error = so->so_error; 14156 if (be.error) { 14157 error = be.error; 14158 } 14159 } 14160 SOCKBUF_UNLOCK(&so->so_snd); 14161 goto out_unlocked; 14162 } 14163 14164#if defined(__APPLE__) 14165 error = sblock(&so->so_snd, SBLOCKWAIT(flags)); 14166#endif 14167 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 14168 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 14169 asoc, stcb->asoc.total_output_queue_size); 14170 } 14171 } 14172 SOCKBUF_UNLOCK(&so->so_snd); 14173 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 14174 goto out_unlocked; 14175 } 14176 } 14177 SCTP_TCB_SEND_LOCK(stcb); 14178 if (sp) { 14179 if (sp->msg_is_complete == 0) { 14180 strm->last_msg_incomplete = 1; 14181 asoc->stream_locked = 1; 14182 asoc->stream_locked_on = srcv->sinfo_stream; 14183 } else { 14184 sp->sender_all_done = 1; 14185 strm->last_msg_incomplete = 0; 14186 asoc->stream_locked = 0; 14187 } 14188 } else { 14189 SCTP_PRINTF("Huh no sp TSNH?\n"); 14190 strm->last_msg_incomplete = 0; 14191 asoc->stream_locked = 0; 14192 } 14193 SCTP_TCB_SEND_UNLOCK(stcb); 14194#if defined(__APPLE__) 14195#if defined(APPLE_LEOPARD) 14196 if (uio->uio_resid == 0) { 14197#else 14198 if (uio_resid(uio) == 0) { 14199#endif 14200#else 14201 if (uio->uio_resid == 0) { 14202#endif 14203 got_all_of_the_send = 1; 14204 } 14205 } else { 14206 /* We send in a 0, since we do NOT have any locks */ 14207 error = sctp_msg_append(stcb, net, top, srcv, 0); 14208 top = NULL; 14209 if (srcv->sinfo_flags & SCTP_EOF) { 14210 /* 14211 * This should only happen for Panda for the mbuf 14212 * send case, which does NOT yet support EEOR mode. 14213 * Thus, we can just set this flag to do the proper 14214 * EOF handling. 14215 */ 14216 got_all_of_the_send = 1; 14217 } 14218 } 14219 if (error) { 14220 goto out; 14221 } 14222dataless_eof: 14223 /* EOF thing ? */ 14224 if ((srcv->sinfo_flags & SCTP_EOF) && 14225 (got_all_of_the_send == 1)) { 14226 int cnt; 14227 SCTP_STAT_INCR(sctps_sends_with_eof); 14228 error = 0; 14229 if (hold_tcblock == 0) { 14230 SCTP_TCB_LOCK(stcb); 14231 hold_tcblock = 1; 14232 } 14233 cnt = sctp_is_there_unsent_data(stcb, SCTP_SO_LOCKED); 14234 if (TAILQ_EMPTY(&asoc->send_queue) && 14235 TAILQ_EMPTY(&asoc->sent_queue) && 14236 (cnt == 0)) { 14237 if (asoc->locked_on_sending) { 14238 goto abort_anyway; 14239 } 14240 /* there is nothing queued to send, so I'm done... */ 14241 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 14242 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 14243 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 14244 struct sctp_nets *netp; 14245 14246 /* only send SHUTDOWN the first time through */ 14247 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 14248 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 14249 } 14250 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 14251 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 14252 sctp_stop_timers_for_shutdown(stcb); 14253 if (stcb->asoc.alternate) { 14254 netp = stcb->asoc.alternate; 14255 } else { 14256 netp = stcb->asoc.primary_destination; 14257 } 14258 sctp_send_shutdown(stcb, netp); 14259 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 14260 netp); 14261 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 14262 asoc->primary_destination); 14263 } 14264 } else { 14265 /*- 14266 * we still got (or just got) data to send, so set 14267 * SHUTDOWN_PENDING 14268 */ 14269 /*- 14270 * XXX sockets draft says that SCTP_EOF should be 14271 * sent with no data. currently, we will allow user 14272 * data to be sent first and move to 14273 * SHUTDOWN-PENDING 14274 */ 14275 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 14276 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 14277 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 14278 if (hold_tcblock == 0) { 14279 SCTP_TCB_LOCK(stcb); 14280 hold_tcblock = 1; 14281 } 14282 if (asoc->locked_on_sending) { 14283 /* Locked to send out the data */ 14284 struct sctp_stream_queue_pending *sp; 14285 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 14286 if (sp) { 14287 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 14288 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 14289 } 14290 } 14291 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 14292 if (TAILQ_EMPTY(&asoc->send_queue) && 14293 TAILQ_EMPTY(&asoc->sent_queue) && 14294 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 14295 abort_anyway: 14296 if (free_cnt_applied) { 14297 atomic_add_int(&stcb->asoc.refcnt, -1); 14298 free_cnt_applied = 0; 14299 } 14300 sctp_abort_an_association(stcb->sctp_ep, stcb, 14301 NULL, SCTP_SO_LOCKED); 14302 /* now relock the stcb so everything is sane */ 14303 hold_tcblock = 0; 14304 stcb = NULL; 14305 goto out; 14306 } 14307 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 14308 asoc->primary_destination); 14309 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY); 14310 } 14311 } 14312 } 14313skip_out_eof: 14314 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 14315 some_on_control = 1; 14316 } 14317 if (queue_only_for_init) { 14318 if (hold_tcblock == 0) { 14319 SCTP_TCB_LOCK(stcb); 14320 hold_tcblock = 1; 14321 } 14322 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 14323 /* a collision took us forward? */ 14324 queue_only = 0; 14325 } else { 14326 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 14327 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT); 14328 queue_only = 1; 14329 } 14330 } 14331 if ((net->flight_size > net->cwnd) && 14332 (stcb->asoc.sctp_cmt_on_off == 0)) { 14333 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 14334 queue_only = 1; 14335 } else if (asoc->ifp_had_enobuf) { 14336 SCTP_STAT_INCR(sctps_ifnomemqueued); 14337 if (net->flight_size > (2 * net->mtu)) { 14338 queue_only = 1; 14339 } 14340 asoc->ifp_had_enobuf = 0; 14341 } 14342 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 14343 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 14344 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 14345 (stcb->asoc.total_flight > 0) && 14346 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 14347 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 14348 /*- 14349 * Ok, Nagle is set on and we have data outstanding. 14350 * Don't send anything and let SACKs drive out the 14351 * data unless wen have a "full" segment to send. 14352 */ 14353 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 14354 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 14355 } 14356 SCTP_STAT_INCR(sctps_naglequeued); 14357 nagle_applies = 1; 14358 } else { 14359 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 14360 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 14361 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 14362 } 14363 SCTP_STAT_INCR(sctps_naglesent); 14364 nagle_applies = 0; 14365 } 14366 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 14367 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 14368 nagle_applies, un_sent); 14369 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 14370 stcb->asoc.total_flight, 14371 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 14372 } 14373 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 14374 /* we can attempt to send too. */ 14375 if (hold_tcblock == 0) { 14376 /* If there is activity recv'ing sacks no need to send */ 14377 if (SCTP_TCB_TRYLOCK(stcb)) { 14378 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 14379 hold_tcblock = 1; 14380 } 14381 } else { 14382 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 14383 } 14384 } else if ((queue_only == 0) && 14385 (stcb->asoc.peers_rwnd == 0) && 14386 (stcb->asoc.total_flight == 0)) { 14387 /* We get to have a probe outstanding */ 14388 if (hold_tcblock == 0) { 14389 hold_tcblock = 1; 14390 SCTP_TCB_LOCK(stcb); 14391 } 14392 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 14393 } else if (some_on_control) { 14394 int num_out, reason, frag_point; 14395 14396 /* Here we do control only */ 14397 if (hold_tcblock == 0) { 14398 hold_tcblock = 1; 14399 SCTP_TCB_LOCK(stcb); 14400 } 14401 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 14402 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 14403 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED); 14404 } 14405 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n", 14406 queue_only, stcb->asoc.peers_rwnd, un_sent, 14407 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 14408 stcb->asoc.total_output_queue_size, error); 14409 14410out: 14411#if defined(__APPLE__) 14412 sbunlock(&so->so_snd, 1); 14413#endif 14414out_unlocked: 14415 14416 if (local_soresv && stcb) { 14417 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen); 14418 } 14419 if (create_lock_applied) { 14420 SCTP_ASOC_CREATE_UNLOCK(inp); 14421 } 14422 if ((stcb) && hold_tcblock) { 14423 SCTP_TCB_UNLOCK(stcb); 14424 } 14425 if (stcb && free_cnt_applied) { 14426 atomic_add_int(&stcb->asoc.refcnt, -1); 14427 } 14428#ifdef INVARIANTS 14429#if !defined(__APPLE__) 14430 if (stcb) { 14431 if (mtx_owned(&stcb->tcb_mtx)) { 14432 panic("Leaving with tcb mtx owned?"); 14433 } 14434 if (mtx_owned(&stcb->tcb_send_mtx)) { 14435 panic("Leaving with tcb send mtx owned?"); 14436 } 14437 } 14438#endif 14439#endif 14440#ifdef __Panda__ 14441 /* 14442 * Handle the EAGAIN/ENOMEM cases to reattach the pak header 14443 * to particle when pak is passed in, so that caller 14444 * can try again with this pak 14445 * 14446 * NOTE: For other cases, including success case, 14447 * we simply want to return the header back to free 14448 * pool 14449 */ 14450 if (top) { 14451 if ((error == EAGAIN) || (error == ENOMEM)) { 14452 SCTP_ATTACH_CHAIN(i_pak, top, sndlen); 14453 top = NULL; 14454 } else { 14455 (void)SCTP_RELEASE_HEADER(i_pak); 14456 } 14457 } else { 14458 /* This is to handle cases when top has 14459 * been reset to NULL but pak might not 14460 * be freed 14461 */ 14462 if (i_pak) { 14463 (void)SCTP_RELEASE_HEADER(i_pak); 14464 } 14465 } 14466#endif 14467#ifdef INVARIANTS 14468 if (inp) { 14469 sctp_validate_no_locks(inp); 14470 } else { 14471 SCTP_PRINTF("Warning - inp is NULL so cant validate locks\n"); 14472 } 14473#endif 14474 if (top) { 14475 sctp_m_freem(top); 14476 } 14477 if (control) { 14478 sctp_m_freem(control); 14479 } 14480 return (error); 14481} 14482 14483 14484/* 14485 * generate an AUTHentication chunk, if required 14486 */ 14487struct mbuf * 14488sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 14489 struct sctp_auth_chunk **auth_ret, uint32_t * offset, 14490 struct sctp_tcb *stcb, uint8_t chunk) 14491{ 14492 struct mbuf *m_auth; 14493 struct sctp_auth_chunk *auth; 14494 int chunk_len; 14495 struct mbuf *cn; 14496 14497 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) || 14498 (stcb == NULL)) 14499 return (m); 14500 14501 if (stcb->asoc.auth_supported == 0) { 14502 return (m); 14503 } 14504 /* does the requested chunk require auth? */ 14505 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) { 14506 return (m); 14507 } 14508 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_NOWAIT, 1, MT_HEADER); 14509 if (m_auth == NULL) { 14510 /* no mbuf's */ 14511 return (m); 14512 } 14513 /* reserve some space if this will be the first mbuf */ 14514 if (m == NULL) 14515 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD); 14516 /* fill in the AUTH chunk details */ 14517 auth = mtod(m_auth, struct sctp_auth_chunk *); 14518 bzero(auth, sizeof(*auth)); 14519 auth->ch.chunk_type = SCTP_AUTHENTICATION; 14520 auth->ch.chunk_flags = 0; 14521 chunk_len = sizeof(*auth) + 14522 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 14523 auth->ch.chunk_length = htons(chunk_len); 14524 auth->hmac_id = htons(stcb->asoc.peer_hmac_id); 14525 /* key id and hmac digest will be computed and filled in upon send */ 14526 14527 /* save the offset where the auth was inserted into the chain */ 14528 *offset = 0; 14529 for (cn = m; cn; cn = SCTP_BUF_NEXT(cn)) { 14530 *offset += SCTP_BUF_LEN(cn); 14531 } 14532 14533 /* update length and return pointer to the auth chunk */ 14534 SCTP_BUF_LEN(m_auth) = chunk_len; 14535 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0); 14536 if (auth_ret != NULL) 14537 *auth_ret = auth; 14538 14539 return (m); 14540} 14541 14542#if defined(__FreeBSD__) || defined(__APPLE__) 14543#ifdef INET6 14544int 14545sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t *ro) 14546{ 14547 struct nd_prefix *pfx = NULL; 14548 struct nd_pfxrouter *pfxrtr = NULL; 14549 struct sockaddr_in6 gw6; 14550 14551 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6) 14552 return (0); 14553 14554 /* get prefix entry of address */ 14555 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) { 14556 if (pfx->ndpr_stateflags & NDPRF_DETACHED) 14557 continue; 14558 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr, 14559 &src6->sin6_addr, &pfx->ndpr_mask)) 14560 break; 14561 } 14562 /* no prefix entry in the prefix list */ 14563 if (pfx == NULL) { 14564 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for "); 14565 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 14566 return (0); 14567 } 14568 14569 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is "); 14570 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 14571 14572 /* search installed gateway from prefix entry */ 14573 LIST_FOREACH(pfxrtr, &pfx->ndpr_advrtrs, pfr_entry) { 14574 memset(&gw6, 0, sizeof(struct sockaddr_in6)); 14575 gw6.sin6_family = AF_INET6; 14576#ifdef HAVE_SIN6_LEN 14577 gw6.sin6_len = sizeof(struct sockaddr_in6); 14578#endif 14579 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr, 14580 sizeof(struct in6_addr)); 14581 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is "); 14582 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6); 14583 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is "); 14584 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 14585 if (sctp_cmpaddr((struct sockaddr *)&gw6, 14586 ro->ro_rt->rt_gateway)) { 14587 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n"); 14588 return (1); 14589 } 14590 } 14591 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n"); 14592 return (0); 14593} 14594#endif 14595 14596int 14597sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t *ro) 14598{ 14599#ifdef INET 14600 struct sockaddr_in *sin, *mask; 14601 struct ifaddr *ifa; 14602 struct in_addr srcnetaddr, gwnetaddr; 14603 14604 if (ro == NULL || ro->ro_rt == NULL || 14605 sifa->address.sa.sa_family != AF_INET) { 14606 return (0); 14607 } 14608 ifa = (struct ifaddr *)sifa->ifa; 14609 mask = (struct sockaddr_in *)(ifa->ifa_netmask); 14610 sin = &sifa->address.sin; 14611 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 14612 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is "); 14613 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 14614 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr); 14615 14616 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway; 14617 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 14618 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is "); 14619 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 14620 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr); 14621 if (srcnetaddr.s_addr == gwnetaddr.s_addr) { 14622 return (1); 14623 } 14624#endif 14625 return (0); 14626} 14627#elif defined(__Userspace__) 14628/* TODO __Userspace__ versions of sctp_vXsrc_match_nexthop(). */ 14629int 14630sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t *ro) 14631{ 14632 return (0); 14633} 14634int 14635sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t *ro) 14636{ 14637 return (0); 14638} 14639 14640#endif 14641